IPA: VERSION: 4.4.0, API_VERSION: 2.213
This may be for lack of understanding the process, but..
When I retrieve a keytab for a principal using ipa-getkeytab, the kvno is
increased on the idm.
In our test environment we have two ipa servers running and the kvno is only
increased on one of them. After several retrivals, one principals kvno is now
on 5 on ipa1 and 18 on ipa2.
That means the resulting keytab is only usable on one ipa server and results in
a "password expired" message from the other ipa server.
How do I synchronize the two Kerberos servers and how do I avoid this?
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project