Hi, I have FreeIPA and Cockpit on the same machine.
Unfortunately, I am unable to log in to Cockpit.

I have only one keytab: /etc/krb5.keytab (no keytab in /etc/cockpit)
Looks like I have HTTP there already as well
~~~~
$ ipa service-add HTTP/[email protected]
ipa: ERROR: service with name "HTTP/[email protected]" already exists
~~~~

But Cockpit is saying otherwise. Not sure how I can check which keytab file
Cockpit is trying to read from.
I am also getting 'Unknown certificate'. Not sure if there is anything I
can/should do about it?

I am not a power user and I would appreciate any suggestions. Thanks!

~~~~
cockpit-ws loaded 1 certificates from /etc/cockpit/ws-certs.d/0-self-signed.cert
cockpit-ws Using certificate: /etc/cockpit/ws-certs.d/0-self-signed.cert
cockpit-ws couldn't read from connection: Peer sent fatal TLS alert: Unknown certificate
cockpit-ws [34B blob data]
cockpit-ws received unknown/invalid credential cookie
cockpit-ws spawning /usr/libexec/cockpit-session
cockpit-ws received authorize challenge
cockpit-ws cockpit-session: gssapi auth failed: Request ticket server HTTP/[email protected] not found in keytab (ticket kvno 1)
cockpit-ws session initialized
cockpit-ws cockpit-session: authentication-failed Authentication failure
cockpit-ws web service closing
cockpit-session: pam_sss(cockpit:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost=10.0.1.4 user=myuser
cockpit-session: pam_ssh_add: Identity added: /home/myuser/.ssh/id_rsa ([email protected])
cockpit-session: pam_unix(cockpit:session): session opened for user myuser by (uid=0)
cockpit-ws 3: Permission denied.
cockpit-session: pam_unix(cockpit:session): session closed for user myuser
cockpit-ws cockpit-session: authentication process exited: 256; problem access-denied
cockpit-ws web service closing
cockpit-ws auth is idle
~~~~

~~~~
$ klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 host/[email protected]
   2 host/[email protected]
   2 host/[email protected]
   2 host/[email protected]
   2 host/[email protected]
   2 host/[email protected]
   1 nfs/[email protected]
   1 nfs/[email protected]
   1 libvirt/[email protected]
   1 libvirt/[email protected]
   1 vnc/[email protected]
   1 vnc/[email protected]
~~~~
_______________________________________________
cockpit-devel mailing list -- [email protected]
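The check the post asks about, comparing the principal and kvno named in the cockpit-session "not found in keytab" error with what `klist -k` lists, as an added example that is not part of the original post or of Cockpit or FreeIPA. The host names, realm and sample lines are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample data (placeholder hosts and realm, not taken from the post).
SAMPLE_ERR='cockpit-ws cockpit-session: gssapi auth failed: Request ticket server HTTP/ipa.example.test@EXAMPLE.TEST not found in keytab (ticket kvno 1)'
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------
   2 host/ipa.example.test@EXAMPLE.TEST
   2 host/ipa.example.test@EXAMPLE.TEST
   1 nfs/ipa.example.test@EXAMPLE.TEST
   3 HTTP/web.example.test@EXAMPLE.TEST'

# Print "PRINCIPAL KVNO" from a "not found in keytab" log line, or nothing.
parse_gss_error() {
    printf '%s\n' "$1" | sed -n \
      's/.*Request ticket server \([^ ]*\) not found in keytab (ticket kvno \([0-9][0-9]*\)).*/\1 \2/p'
}

# check_keytab PRINCIPAL KVNO, with `klist -k` output on stdin.
# Prints: match | kvno-mismatch:<kvnos present> | missing
check_keytab() {
    awk -v p="$1" -v k="$2" '
        $1 ~ /^[0-9]+$/ && $2 == p {
            # klist repeats a principal once per enctype; record each kvno once
            if (!seen[$1]++) list = list (list ? "," : "") $1
            if ($1 == k) ok = 1
        }
        END {
            if (ok)        print "match"
            else if (list) print "kvno-mismatch:" list
            else           print "missing"
        }'
}

# diagnose LOG_LINE, with `klist -k` output on stdin.
diagnose() {
    set -- $(parse_gss_error "$1")
    [ $# -eq 2 ] || { echo "no-gssapi-error"; return 1; }
    printf '%s kvno %s: %s\n' "$1" "$2" "$(check_keytab "$1" "$2")"
}

# Demo on the constructed samples above.
printf '%s\n' "$SAMPLE_KLIST" | diagnose "$SAMPLE_ERR"
```

On a real host, pipe the output of `klist -k` for the keytab in question into `diagnose` together with the log line; `missing` means the keytab holds no key for that service principal at all, while `kvno-mismatch` means a key exists but not for the version the ticket was issued against.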