On 2/11/2018 11:39 PM, Alexander Bokovoy via FreeIPA-users wrote:
On su, 11 helmi 2018, John Ratliff via FreeIPA-users wrote:
When trying to do pkinit, if I do kinit -n on one of the IdM servers,
it works fine. If I try on a client machine, it asks me for the
password for WELLKNOWN/ANONYMOUS
When trying to do pkinit, if I do kinit -n on one of the IdM servers, it
works fine. If I try on a client machine, it asks me for the password
for WELLKNOWN/ANONYMOUS@REALM.
I have the pkinit_anchors setup for the realm. As I'm trying to do
anonymous pkinit, I think I don't need a client
On 2/11/2018 7:34 PM, John Ratliff via FreeIPA-users wrote:
I don't see anything useful in the logs. If I login with my key via
ssh and then do a su - jratliff, it gets me a token. I don't know
what su - is doing that the kinit -n steps I saw isn't, but I guess
this is a workaround.
su
I don't see anything useful in the logs. If I login with my key via
ssh and then do a su - jratliff, it gets me a token. I don't know what
su - is doing that the kinit -n steps I saw isn't, but I guess this is
a workaround.
su - as non-root would run PAM stack for you through pam_sss and
On 2/6/2018 5:04 PM, Robbie Harwood wrote:
John Ratliff via FreeIPA-users <freeipa-users@lists.fedorahosted.org>
writes:
I'm having problems with kinit and a 2FA enabled account.
When I run kinit by itself, it says 'kinit: Generic preauthentication
failure while getting initial crede
On 2/6/2018 12:34 AM, Jochen Hein via FreeIPA-users wrote:
John Ratliff via FreeIPA-users <freeipa-users@lists.fedorahosted.org>
writes:
Okay, so the problem wasn't that it wasn't working; it's that I didn't
understand the prompts. Debian only prompts for password, but wants
password
I'm having problems with kinit and a 2FA enabled account.
When I run kinit by itself, it says 'kinit: Generic preauthentication
failure while getting initial credentials'.
I saw on the wiki where that problem is solved by doing one of two
things. You can login with the admin account (or some
On 2/3/2018 3:10 PM, John Ratliff via FreeIPA-users wrote:
I'm trying to setup freeipa with OTP. I created a TOTP under my user in
freeipa and updated my user to use 2FA (password + OTP).
When I try to do sudo, it only asks for my password and it fails every
time (presumably because it isn't
On 2/4/2018 5:55 AM, Jakub Hrozek via FreeIPA-users wrote:
On Sat, Feb 03, 2018 at 08:33:19PM -0500, John Ratliff via FreeIPA-users wrote:
I want my administrators to be part of the systemd-journal group so they can
run journalctl. How can I make a group part of a local system group like
I want my administrators to be part of the systemd-journal group so they
can run journalctl. How can I make a group part of a local system group
like this inside ipa so I don't have to add them to every group on every
system?
Thanks.
___
I'm trying to setup freeipa with OTP. I created a TOTP under my user in
freeipa and updated my user to use 2FA (password + OTP).
When I try to do sudo, it only asks for my password and it fails every
time (presumably because it isn't getting the OTP first).
I didn't see anything useful in
11 matches
Mail list logo