On Fri, 2011-09-16 at 09:31 -0400, Jimmy wrote: > ipa-getkeytab -s csp-idm.pdh.csp -p host/ews1-cybsec.pdh.csp -k > krb5.keytab > -P [entering into the main keytab /etc/krb5.keytab] > ipa-getkeytab -s csp-idm.pdh.csp -p host/ews1-cybsec.pdh.csp -k > krb5.keytab.sys1 -P [entering into a new keytab krb5.keytab.sys1] > ipa-getkeytab -s csp-idm.pdh.csp -p host/ews1-cybsec.pdh.csp -e > aes256-cts-hmac-sha1-96 -k krb5.keytab -P > ipa-getkeytab -s csp-idm.pdh.csp -p host/ews1-cybsec.pdh.csp -e > aes128-cts-hmac-sha1-96 -k krb5.keytab -P > ipa-getkeytab -s csp-idm.pdh.csp -p host/ews1-cybsec.pdh.csp -e > aes256-cts-hmac-sha1-96 -k krb5.keytab.sys1 -P > ipa-getkeytab -s csp-idm.pdh.csp -p host/ews1-cybsec.pdh.csp -e > aes128-cts-hmac-sha1-96 -k krb5.keytab.sys1 -P >
This is not how it works. You must define all types in one single go. Every time you invoke ipa-getkeytab for a principal you are discarding any previous key in the KDC, and only the last one is available. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
