I appreciate your time and information - I would like to use the IPA-issued PKINIT certificate, and suspect that's what we'd already done prior to the other certs expiring.
I ran ipa-certupdate in case the IPA-issued cert needed it; the command was successful (but maybe not needed). ipa service-find appears to show success in communicating with the enrolled hosts.

I reset my IPA password through the web UI and now kinit works (with the reset-expired step) - I can log in with my IPA domain credentials through our instance of Open OnDemand, and it allows me shell access to the servers in the cluster. While in the shell - I can ssh to other domain hosts with the same credentials.

The only thing it seems to reject is direct ssh login with my credentials from my Windows command line. It just silently rejects the correct password. Is that access provided by the PKINIT certificate? Or possibly the ssh role was somehow corrupted?

If this question is beyond the scope of this thread I apologize!

Thanks!
Jesse

--
FreeIPA-users mailing list
