On Mon, Apr 17, 2017 at 04:49:59PM +0300, Alexander Bokovoy wrote:
> On Mon, 17 Apr 2017, Jan Pazdziora wrote:
> >
> > Hello,
> >
> > on freeipa-server-4.4.4-1.fc25.x86_64, admin can generate and retrieve
> > new keytab for a service but they cannot retrieve the existing keys
> > with the -r opti
On Mon, 17 Apr 2017, Jan Pazdziora wrote:
Hello,
on freeipa-server-4.4.4-1.fc25.x86_64, admin can generate and retrieve
new keytab for a service but they cannot retrieve the existing keys
with the -r option. Is that expected?
Yes. Access to existing keys is intentionally restricted. There are
Hello,
on freeipa-server-4.4.4-1.fc25.x86_64, admin can generate and retrieve
new keytab for a service but they cannot retrieve the existing keys
with the -r option. Is that expected?
# kdestroy -A
# kinit admin
Password for ad...@example.test:
# ipa host-add test1.example.test --force