*** This bug is a duplicate of bug 1772447 ***
https://bugs.launchpad.net/bugs/1772447
This has already been fixed on freeipa git to use another path for these
(/var/lib/ipa/certs/)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I agree with Russ.
On the Debian side, I would not support a change to krb5-kdc to make
/var/lib/krb5kdc world readable.
I think putting the public cert in /etc/krb5kdc is fine: I can make a
case it's config
keestux writes:
> That anonymous PKINIT is required right now to enable two-factor
> authentication login to web UI because since FreeIPA 4.5 we cannot use
> HTTP service keytab anymore: FreeIPA framework
** This bug has been marked a duplicate of bug 1772447
freeipa installation - directory /var/lib/krb5kdc is not accessible by Apache
There was a discussion on the freeipa users list and Alexander Bokovoy was
kind enough to explain what was happening.
"We need access to the KDC's public certificate in case we are dealing
with a KDC certificate issued by a local certmonger (self-signed) which
is not trusted by the machine.
You c