V Tue, Jan 23, 2024 at 10:21:26AM -0500, Steve Dickson napsal(a):
> On 1/23/24 10:08 AM, Steve Dickson wrote:
> > I had to change my /etc/krb5.conf do to
> > some realm changes... and now when I
> > to a kinit to FEDORAPROJECT.ORG it
> > hangs for a while then errors with
> >
> > kinit: Cannot contact any KDC for realm 'FEDORAPROJECT.ORG' while
> > getting initial credentials
> >
> > My question is, what has to be in the /etc/krb5.conf
> > for the FEDORAPROJECT.ORG realm to be found?
> >
> > In the past I didn't think there was anything in
> > the file and assume the realm was found by the
> >
> > includedir /etc/krb5.conf.d/
> > includedir /var/lib/sss/pubconf/krb5.include.d/
> >
> On further review... it appears fedoraproject_org
> in /etc/krb5.conf.d/ defines the KDC for FEDORAPROJECT.ORG
>
> [realms]
> FEDORAPROJECT.ORG = {
> kdc = https://id.fedoraproject.org/KdcProxy
> pkinit_anchors = FILE:/etc/pki/ipa/fedoraproject_ipa_ca.crt
> }
>
> Has something change where I need to do some type of update?
>
This is roughly the correct settings.
Currently the KDC HTTP transport does not work because of a configuration
mistake on the server. 7 hours ago I managed to obtain a ticket by using a raw
Kerberos protocol with "kdc = ip02.id.fedoraproject.org:1088".
-- Petr
Attachment:
signature.asc
Description: PGP signature
-- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
