Am Mon, Sep 19, 2022 at 08:28:56AM +0200 schrieb Ronald Wimmer via
FreeIPA-users:
> On 14.09.22 19:23, Rob Crittenden wrote:
> > Ronald Wimmer via FreeIPA-users wrote:
> > > Hi,
> > >
> > > on one of our ipa servers kinit stopped working. kinit admin shows an
> > > error:
> > >
> > > kinit: Connection reset by peer while getting default ccache
> > >
> > > Why? What could possibly be wrong? (the default ccache should be on the
> > > same machine so why do I get a conn reset here?)
> >
> > This may provide some additional details:
> >
> > $ KRB5_TRACE=/dev/stdout kinit admin
>
> KRB5_TRACE=/dev/stdout kinit admin
> kinit: Connection refused while getting default ccache
Hi,
I guess this is a default setup where the sssd-kcm package is installed
and the default credential cache type is set to KCM. It looks like kinit
has issues connection to the KCM socket. KCM is socket activated, can
you check if systemd is handling the socket with
systemctl status sssd-kcm.socket
if this active, please check permissions on the socket and maybe look
for AVCs in the audit logs in case SELinux is preventing access to the
socket.
HTH
bye,
Sumit
>
> IPA services are running.
>
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
