On to, 10 touko 2018, Josh via FreeIPA-users wrote:
On 05/10/2018 02:21 PM, Robbie Harwood wrote:
>None via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org> writes:
>
>>>Josh writes:
>>>
>>>
>>>Destroy the keytab. Recreate using ipa-getkeytab.
>>I can't use ipa-getkeytab at the moment. Is getting keytab via ktutil
>>not possible at all? Any technical details about it?
>How can you use ktutil but not ipa-getkeytab? Maybe let's look into
>that first.
>
>
Server certificate has expired and all ipa utilities fail.
Could you please stay on topic and explain if you can why ktutil can't
be used as described in
https://kb.iu.edu/d/aumh?
Does ipa makes ktutil not functional?
No, it does not. Without seeing what exactly
you did, it is not easy to
help you. Aside from a password, a KVNO value and encryption types
specified when creating a key play important role. If you use wrong
values, the key would be different to what KDC expects.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland