On 21.02.22 19:06, Sumit Bose via FreeIPA-users wrote:
Am Fri, Feb 18, 2022 at 02:06:24PM +0100 schrieb Michael Schwartzkopff via
FreeIPA-users:
Hi,
I want to use OTP for krb tickets. Plain login works as expected. When I
start kinit user I get the response:
$ kinit user
kinit: Generic preauthentication failure while getting initial credentials
I read some docs and tried:
$ kinit -n
Password forWELLKNOWN/[email protected]:
Hi,
looks like there is something wrong in your configuration, you shouldn't
see a prompt at all:
$ kinit -n
$ klist
Ticketzwischenspeicher: KCM:1000
Standard-Principal: WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS
Valid starting Expires Service principal
21.02.2022 17:56:57 22.02.2022 17:10:55krbtgt/[email protected]
Most probably you do not have the CA certificates which signed the IPA
KDC certificate added to krb5.conf on the client.
I just added the
[realms]
MY.REALM = {
(...)
pkinit_anchors = FILE\:/etc/ca-cert.pem
}
to my krb5.conf.
No change in behaviour. kinit -n still asks me for the ANONYMOUS password.
Mit freundlichen Grüßen,
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
