Re: [Freeipa-users] Cross-Realm authentification

2015-02-18 Thread Petr Spacek
On 5.12.2014 22:24, Petr Spacek wrote: On 5.12.2014 21:53, Alexander Bokovoy wrote: On Fri, 05 Dec 2014, Alexander Bokovoy wrote: On Fri, 05 Dec 2014, Petr Spacek wrote: On 5.12.2014 15:21, Andreas Ladanyi wrote: On 05.12.2014 at 14:04, Alexander Bokovoy wrote: OK, I see one difference: I

Re: [Freeipa-users] Cross-Realm authentification

2014-12-05 Thread Andreas Ladanyi
I'm also getting errors but they are different to yours. Here is what I did: (on master.f21.test, realm F21.TEST): [root@master ~]# kadmin.local -x ipa-setup-override-restrictions -r F21.TEST Authenticating as principal root/ad...@f21.test with password. kadmin.local: addprinc

Re: [Freeipa-users] Cross-Realm authentification

2014-12-05 Thread Alexander Bokovoy
On Fri, 05 Dec 2014, Andreas Ladanyi wrote: I'm also getting errors but they are different to yours. Here is what I did: (on master.f21.test, realm F21.TEST): [root@master ~]# kadmin.local -x ipa-setup-override-restrictions -r F21.TEST Authenticating as principal root/ad...@f21.test with

Re: [Freeipa-users] Cross-Realm authentification

2014-12-05 Thread Alexander Bokovoy
On Fri, 05 Dec 2014, Alexander Bokovoy wrote: On Fri, 05 Dec 2014, Andreas Ladanyi wrote: I'm also getting errors but they are different to yours. Here is what I did: (on master.f21.test, realm F21.TEST): [root@master ~]# kadmin.local -x ipa-setup-override-restrictions -r F21.TEST

Re: [Freeipa-users] Cross-Realm authentification

2014-12-05 Thread Andreas Ladanyi
On 05.12.2014 at 14:04, Alexander Bokovoy wrote: OK, I see one difference: I didn't use the -requires_preauth flag. Why did you use them? Because this is recommended by MIT documentation. The link between realms has to be protected well, including preauth and good passwords for the

Re: [Freeipa-users] Cross-Realm authentification

2014-12-05 Thread Petr Spacek
On 5.12.2014 15:21, Andreas Ladanyi wrote: On 05.12.2014 at 14:04, Alexander Bokovoy wrote: OK, I see one difference: I didn't use the -requires_preauth flag. Why did you use them? Because this is recommended by MIT documentation. The link between realms has to be protected well, including

Re: [Freeipa-users] Cross-Realm authentification

2014-12-05 Thread Alexander Bokovoy
On Fri, 05 Dec 2014, Petr Spacek wrote: On 5.12.2014 15:21, Andreas Ladanyi wrote: On 05.12.2014 at 14:04, Alexander Bokovoy wrote: OK, I see one difference: I didn't use the -requires_preauth flag. Why did you use them? Because this is recommended by MIT documentation. The link between

Re: [Freeipa-users] Cross-Realm authentification

2014-12-05 Thread Alexander Bokovoy
On Fri, 05 Dec 2014, Alexander Bokovoy wrote: On Fri, 05 Dec 2014, Petr Spacek wrote: On 5.12.2014 15:21, Andreas Ladanyi wrote: On 05.12.2014 at 14:04, Alexander Bokovoy wrote: OK, I see one difference: I didn't use the -requires_preauth flag. Why did you use them? Because this is

Re: [Freeipa-users] Cross-Realm authentification

2014-12-05 Thread Petr Spacek
On 5.12.2014 21:53, Alexander Bokovoy wrote: On Fri, 05 Dec 2014, Alexander Bokovoy wrote: On Fri, 05 Dec 2014, Petr Spacek wrote: On 5.12.2014 15:21, Andreas Ladanyi wrote: On 05.12.2014 at 14:04, Alexander Bokovoy wrote: OK, I see one difference: I didn't use the -requires_preauth flag.

Re: [Freeipa-users] Cross-Realm authentification

2014-12-04 Thread Andreas Ladanyi
On 03.12.2014 at 14:53, Alexander Bokovoy wrote: On Wed, 03 Dec 2014, Andreas Ladanyi wrote: Hi, I am trying to set up a cross-realm relationship. Generated krbtgt cross-realm principals on both KDCs with the same password and kvno: krbtgt/REALM_B (MIT Kerberos)@REALM_A (FreeIPA 3.3.5)

Re: [Freeipa-users] Cross-Realm authentification

2014-12-04 Thread Alexander Bokovoy
On Thu, 04 Dec 2014, Andreas Ladanyi wrote: On 03.12.2014 at 14:53, Alexander Bokovoy wrote: On Wed, 03 Dec 2014, Andreas Ladanyi wrote: Hi, I am trying to set up a cross-realm relationship. Generated krbtgt cross-realm principals on both KDCs with the same password and kvno: krbtgt/REALM_B

Re: [Freeipa-users] Cross-Realm authentification

2014-12-04 Thread Petr Spacek
On 4.12.2014 12:07, Alexander Bokovoy wrote: On Thu, 04 Dec 2014, Andreas Ladanyi wrote: On 03.12.2014 at 14:53, Alexander Bokovoy wrote: On Wed, 03 Dec 2014, Andreas Ladanyi wrote: Hi, I am trying to set up a cross-realm relationship. Generated krbtgt cross-realm principals on both KDCs

Re: [Freeipa-users] Cross-Realm authentification

2014-12-04 Thread Alexander Bokovoy
On Thu, 04 Dec 2014, Petr Spacek wrote: And /var/log/krb5kdc.log on master.f21.test (KDC for F21.TEST) I can see: Dec 04 12:41:52 master.f21.test krb5kdc[1131](info): bad realm transit path from 'ad...@ipa5.test' to 'host/master.f21.t...@f21.test' via '' Dec 04 12:41:52 master.f21.test

Re: [Freeipa-users] Cross-Realm authentification

2014-12-04 Thread Simo Sorce
On Thu, 4 Dec 2014 13:22:01 +0200 Alexander Bokovoy aboko...@redhat.com wrote: On Thu, 04 Dec 2014, Petr Spacek wrote: And /var/log/krb5kdc.log on master.f21.test (KDC for F21.TEST) I can see: Dec 04 12:41:52 master.f21.test krb5kdc[1131](info): bad realm transit path from

Re: [Freeipa-users] Cross-Realm authentification

2014-12-04 Thread Petr Spacek
On 4.12.2014 16:58, Simo Sorce wrote: On Thu, 4 Dec 2014 13:22:01 +0200 Alexander Bokovoy aboko...@redhat.com wrote: On Thu, 04 Dec 2014, Petr Spacek wrote: And /var/log/krb5kdc.log on master.f21.test (KDC for F21.TEST) I can see: Dec 04 12:41:52 master.f21.test krb5kdc[1131](info): bad

Re: [Freeipa-users] Cross-Realm authentification

2014-12-04 Thread Alexander Bokovoy
On Thu, 04 Dec 2014, Petr Spacek wrote: On 4.12.2014 16:58, Simo Sorce wrote: On Thu, 4 Dec 2014 13:22:01 +0200 Alexander Bokovoy aboko...@redhat.com wrote: On Thu, 04 Dec 2014, Petr Spacek wrote: And /var/log/krb5kdc.log on master.f21.test (KDC for F21.TEST) I can see: Dec 04 12:41:52

Re: [Freeipa-users] Cross-Realm authentification

2014-12-04 Thread Petr Spacek
On 4.12.2014 17:27, Alexander Bokovoy wrote: On Thu, 04 Dec 2014, Petr Spacek wrote: On 4.12.2014 16:58, Simo Sorce wrote: On Thu, 4 Dec 2014 13:22:01 +0200 Alexander Bokovoy aboko...@redhat.com wrote: On Thu, 04 Dec 2014, Petr Spacek wrote: And /var/log/krb5kdc.log on master.f21.test (KDC

Re: [Freeipa-users] Cross-Realm authentification

2014-12-03 Thread Alexander Bokovoy
On Wed, 03 Dec 2014, Andreas Ladanyi wrote: Hi, I am trying to set up a cross-realm relationship. Generated krbtgt cross-realm principals on both KDCs with the same password and kvno: krbtgt/REALM_B (MIT Kerberos)@REALM_A (FreeIPA 3.3.5) krbtgt/REALM_A@REALM_B getprinc on REALM_A KDC for