kt s via FreeIPA-users wrote:
> When I log in as administrator, I get an error "Kerberos principal
> expiration".
>
> I can't log in now, so how do I change the Kerberos principal time?

You'll need your Directory Manager password which was set during IPA
server installation.

Since you don't have access to the API you'll need to use LDAP directly.
You'll need to replace the dc components to match your environment.

$ ldapmodify -x -D 'cn=Directory Manager' -W
dn: uid=admin,cn=users,cn=accounts,dc=example,dc=test
changetype: modify
delete: krbprincipalexpiration
<empty line>
^D

This will remove the expiration date from the admin user. You can choose
to add a new one if you wish afterward, though I can't say I'd recommend it.

rob
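
Added example, not part of the message above: a small POSIX shell sketch that derives the admin DN from a domain name, reads krbPrincipalExpiration out of ldapsearch output to confirm the principal really is expired, and writes the same LDIF to a file instead of typing it interactively. The function names, the file name fix.ldif and the sample ldapsearch output are constructed for illustration; the value format YYYYMMDDHHMMSSZ (UTC) is assumed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical helpers, not FreeIPA tooling.

# example.test -> dc=example,dc=test
domain_to_basedn() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' |
        sed -e 's/\./,dc=/g' -e 's/^/dc=/'
}

admin_dn() {
    printf 'uid=admin,cn=users,cn=accounts,%s\n' "$(domain_to_basedn "$1")"
}

# The same LDIF that is typed interactively in the message above.
build_ldif() {
    printf 'dn: %s\nchangetype: modify\ndelete: krbprincipalexpiration\n\n' \
        "$(admin_dn "$1")"
}

# Read ldapsearch LDIF on stdin; print the krbPrincipalExpiration value, if any.
expiry_from_ldif() {
    awk 'tolower($1) == "krbprincipalexpiration:" { print $2; exit }'
}

# is_expired EXPIRY [NOW]: both as YYYYMMDDHHMMSSZ in UTC (assumed format).
is_expired() {
    now=${2:-$(date -u +%Y%m%d%H%M%SZ)}
    [ "${1%Z}" -lt "${now%Z}" ]
}

# Constructed sample of ldapsearch output, not captured from a real server.
SAMPLE='dn: uid=admin,cn=users,cn=accounts,dc=example,dc=test
krbPrincipalExpiration: 20240101000000Z'

exp=$(printf '%s\n' "$SAMPLE" | expiry_from_ldif)
if [ -n "$exp" ] && is_expired "$exp"; then
    echo "admin principal expired at $exp; LDIF to apply:"
    build_ldif example.test
fi

# Against a real server (each command prompts for the Directory Manager password):
#   ldapsearch -x -D 'cn=Directory Manager' -W -s base \
#       -b "$(admin_dn example.test)" '(objectClass=*)' krbPrincipalExpiration
#   build_ldif example.test > fix.ldif
#   ldapmodify -x -D 'cn=Directory Manager' -W -f fix.ldif
```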