Jeremy Tourville via FreeIPA-users wrote:
I have noted that klist and kvno don't match for the keytab I
fetched earlier. Could this cause issues with named or are those two separate issues?
How do I get them to match?
[root@gsil-ipa01 data]# klist -ek /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
5 host/gsil-ipa01.idm.gsil.smil(a)IDM.GSIL.SMIL (aes256-cts-hmac-sha384-192)
5 host/gsil-ipa01.idm.gsil.smil(a)IDM.GSIL.SMIL (aes128-cts-hmac-sha256-128)
5 host/gsil-ipa01.idm.gsil.smil(a)IDM.GSIL.SMIL (aes256-cts-hmac-sha1-96)
5 host/gsil-ipa01.idm.gsil.smil(a)IDM.GSIL.SMIL (aes128-cts-hmac-sha1-96)
[root@gsil-ipa01 data]# kvno host/gsil-ipa01.idm.gsil.smil(a)IDM.GSIL.SMIL
host/gsil-ipa01.idm.gsil.smil(a)IDM.GSIL.SMIL: kvno = 2
Yes, it is basically: the passwords don't match. In a previous e-mail
healthcehck reported that replication wasn't working, that might account
for it.
rob