[Freeipa-users] Re: FreeIPA, kinit with OTP

Mon, 21 Feb 2022 10:06:53 -0800 

Am Fri, Feb 18, 2022 at 02:06:24PM +0100 schrieb Michael Schwartzkopff via 
FreeIPA-users:
> Hi,
> 
> 
> I want to use OTP for krb tickets. Plain login works as expected. When I
> start kinit user I get the response:
> 
> $ kinit user
> 
> kinit: Generic preauthentication failure while getting initial credentials
> 
> 
> I read some docs and tried:
> 
> $ kinit -n
> 
> Password for WELLKNOWN/[email protected]:

Hi,

looks like there is something wrong in your configuration, you shouldn't
see a prompt at all:

    $ kinit -n
    $ klist
    Ticketzwischenspeicher: KCM:1000
    Standard-Principal: WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS

    Valid starting       Expires              Service principal
    21.02.2022 17:56:57  22.02.2022 17:10:55  krbtgt/[email protected]

Most probably you do not have the CA certificates which signed the IPA
KDC certificate added to krb5.conf on the client.

HTH

bye,
Sumit

> 
> 
> Where do I set this ANONYMOUS password?
> 
> On my FreeIPA server pkinit is enabled.
> 
> 
> Mit freundlichen Grüßen,
> 
> -- 
> 
> [*] sys4 AG
> https://sys4.de, +49 (89) 30 90 46 64
> Schleißheimer Straße 26/MG,80333 München
> Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
> Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
> Aufsichtsratsvorsitzender: Florian Kirstein
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam on the list, report it: 
> https://pagure.io/fedora-infrastructure
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to