I must be missing something really obvious. Our IPA server is set up in the usual way on CentOS 7.2, just a “yum install ipa-server” and then an “ipa-server-install.” DNS is set up correctly and is working.
I’ve got a handful of CentOS 7.2 servers configured as IPA clients — “yum install ipa-client”, “ipa-client-install.” Auto-detection of the realm, domain and server were normal. But k5login is not working as expected. If I have this .k5login file in the admin user’s home directory on server A: [email protected][email protected] I would expect to be able to do this: kinit [email protected] ssh -K admin@serverA from anywhere in the Kerberos realm. Instead my credentials get rejected and I’m asked for the admin user’s password. It feels like sshd on the server isn’t even looking at k5login. (I also tried k5users; same result.) The permissions on .k5login are correct. I tried it with SELinux off as well just in case that was it. What blindingly obvious thing have I overlooked? Thanks.
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
