Hi David,

> Hello Harri,
>
> the FreeIPA certificate database is stored in /etc/ipa/nssdb, by default the
> permissions are set to:
>
> $ ls -dl /etc/ipa/nssdb/
> drwxr-xr-x. 2 root root 73 Apr 15 14:00 /etc/ipa/nssdb/
>
> $ ls -l /etc/ipa/nssdb/
> total 80
> -rw-r--r--. 1 root root 65536 Apr 15 14:00 cert8.db
> -rw-r--r--. 1 root root 16384 Apr 15 14:00 key3.db
> -rw-------. 1 root root    40 Apr 15 14:00 pwdfile.txt
> -rw-r--r--. 1 root root 16384 Apr 15 14:00 secmod.db
>
> Please check the permission on your system. If it's different and you (or
> system admin) haven't changed it please file a ticket
> (https://fedorahosted.org/freeipa/newticket).
>
Sorry, I should have mentioned that the client runs Debian with freeipa 4.0.5.

# ls -al /etc/ipa/
total 24
drwxr-xr-x   2 root root  4096 Dec 29 08:32 .
drwxr-xr-x 190 root root 12288 Apr 15 12:44 ..
-rw-r--r--   1 root root  1792 Dec 29 08:32 ca.crt
-rw-r--r--   1 root root   194 Dec 29 08:32 default.conf

No nssdb. AFAICS only the ipa servers in my lan have a directory
/etc/ipa/nssdb (CentOS 7).

On the clients I can see a cert8.db in /etc/pki/nssdb. Looking at the
time stamp it seems to be related to freeipa.

# ls -al /etc/pki/nssdb/
total 76
drwxr-xr-x 2 root root  4096 Dec 29 08:32 .
drwxr-xr-x 3 root root  4096 Dec 28 16:09 ..
-rw------- 1 root root 65536 Dec 29 08:32 cert8.db
-rw------- 1 root root 16384 Dec 29 08:32 key3.db
-rw------- 1 root root 16384 Dec 29 08:32 secmod.db

No pwdfile.txt. I would guess the key database has been created with
--empty-password.

Does this look familiar, or is this misconfigured and weird?

Sorry for asking stupid questions, but the setup in my lan is all I have.
I have never had a chance to see another freeipa installation. Hope you
don't mind?

Regards
Harri
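
The comparison discussed in this thread can be scripted. The following is an added example, not part of either message and not FreeIPA code: it checks a directory against the default modes from the quoted /etc/ipa/nssdb listing and reports missing or differing entries. The names audit_nssdb and mode_of are hypothetical.

```shell
#!/bin/sh
# Added example: compare an NSS database directory with the default
# modes shown in the quoted `ls -l /etc/ipa/nssdb/` listing.

# Entry name and expected type/permission string, copied from that listing.
EXPECTED='. drwxr-xr-x
cert8.db -rw-r--r--
key3.db -rw-r--r--
pwdfile.txt -rw-------
secmod.db -rw-r--r--'

# mode_of PATH: print the 10-character mode string from `ls -ld`, dropping
# the trailing "." or "+" that marks an SELinux context or an ACL.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# audit_nssdb DIR: one report line per expected entry.
# Returns 0 if all match, 1 if any entry is missing or differs,
# 2 if DIR itself does not exist (as on the Debian client above).
audit_nssdb() {
    dir=$1
    rc=0
    if [ ! -d "$dir" ]; then
        echo "MISSING  $dir"
        return 2
    fi
    while read -r name want; do
        path=$dir/$name
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            rc=1
            continue
        fi
        have=$(mode_of "$path")
        if [ "$have" = "$want" ]; then
            echo "OK       $path $have"
        else
            echo "DIFFERS  $path have=$have want=$want"
            rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    return $rc
}

# Run as a script with the directory as argument, e.g. /etc/ipa/nssdb.
if [ "$#" -gt 0 ]; then audit_nssdb "$1"; fi
```

A DIFFERS or MISSING line only means the directory does not match the quoted listing; whether that is expected for a given platform or package version is the question the thread itself is asking.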
