Public bug reported:
After installing freeipa-server you cannot login via the browser. You'll get
a message: "Login failed due to an unknown reason."
In /var/log/apache2/error.log there is this:
-8X-8X--
[Thu Sep 06 12:00:28.720410 2018] [wsgi:e
There was a discussion on the freeipa users list and Alexander Bokovoy was
kind enough to explain what was happening.
"We need access to the KDC's public certificate in case we are dealing
with a KDC certificate issued by a local certmonger (self-signed) which
is not trusted by the machine.
You c
*** This bug is a duplicate of bug 1772447 ***
https://bugs.launchpad.net/bugs/1772447
** This bug has been marked a duplicate of bug 1772447
freeipa installation - directory /var/lib/krb5kdc is not accessible by Apache
--
You received this bug notification because you are a member of Fre
*** This bug is a duplicate of bug 1772447 ***
https://bugs.launchpad.net/bugs/1772447
keestux writes:
> That anonymous PKINIT is required right now to enable two-factor
> authentication login to web UI because since FreeIPA 4.5 we cannot use
> HTTP service keytab anymore: FreeIPA framework
*** This bug is a duplicate of bug 1772447 ***
https://bugs.launchpad.net/bugs/1772447
I agree with Russ.
On the Debian side, I would not support a change to krb5-kdc to make
/var/lib/krb5kdc world readable.
I think putting the public cert in /etc/krb5kdc is fine: I can make a
case it's config
*** This bug is a duplicate of bug 1772447 ***
https://bugs.launchpad.net/bugs/1772447
This has already been fixed on freeipa git to use another path for these
(/var/lib/ipa/certs/)
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in U
6 matches
Mail list logo
