On Thu, Aug 24, 2017 at 09:51:51AM -0500, Kat via FreeIPA-users wrote:
Hi all,
Has anyone seen this before:
1. User created, and being used for logins, no issues. Works just fine.
2. At one point, keytab file is retrieved via getkeytab, which also works.
3. After the keytab is retrieved, the password no longer seems to work???
Weirdness - am I missing something here? This can be repeated with any user
set to retrieve their keytab.
see man ipa-getkeytab "WARNING: retrieving the keytab resets the secret
for the Kerberos principal. This renders all other keytabs for that
principal invalid."
This means by default ipa-getkeytab will override the current
secret/password with a random one which will be added to the keytab as
well.
In your case you might want to have a look at the -r or -p option of
ipa-getkeytab.
HTH
bye,
Sumit
>
> -K
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org