Torsten Harenberg
2015-09-03 09:08:15 UTC
Dear all,
I cannot get an "admin" kerberos token anymore on our main IPA server:
[***@ipa log]# kinit admin
kinit: Clients credentials have been revoked while getting initial
credentials
Sep 03 11:02:30 ipa.pleiades.uni-wuppertal.de krb5kdc[1351](info):
AS_REQ (6 etypes {18 17 16 23 25 26}) 132.195.124.12: LOCKED_OUT:
***@PLEIADES.UNI-WUPPERTAL.DE for
krbtgt/PLEIADES.UNI-***@PLEIADES.UNI-WUPPERTAL.DE, Clients
credentials have been revoked
also login via HTTP is not possible anymore:
Sep 03 11:04:52 ipa.pleiades.uni-wuppertal.de krb5kdc[1351](info):
AS_REQ (6 etypes {18 17 16 23 25 26}) 132.195.124.12: NEEDED_PREAUTH:
HTTP/ipa.pleiades.uni-***@PLEIADES.UNI-WUPPERTAL.DE for
krbtgt/PLEIADES.UNI-***@PLEIADES.UNI-WUPPERTAL.DE, Additional
pre-authentication required
Sep 03 11:04:52 ipa.pleiades.uni-wuppertal.de krb5kdc[1351](info):
closing down fd 11
Sep 03 11:04:52 ipa.pleiades.uni-wuppertal.de krb5kdc[1351](info):
AS_REQ (6 etypes {18 17 16 23 25 26}) 132.195.124.12: ISSUE: authtime
1441271092, etypes {rep=18 tkt=18 ses=18},
HTTP/ipa.pleiades.uni-***@PLEIADES.UNI-WUPPERTAL.DE for
krbtgt/PLEIADES.UNI-***@PLEIADES.UNI-WUPPERTAL.DE
Sep 03 11:04:52 ipa.pleiades.uni-wuppertal.de krb5kdc[1351](info):
closing down fd 11
Sep 03 11:04:52 ipa.pleiades.uni-wuppertal.de krb5kdc[1351](info):
AS_REQ (6 etypes {18 17 16 23 25 26}) 132.195.124.12: LOCKED_OUT:
***@PLEIADES.UNI-WUPPERTAL.DE for
krbtgt/PLEIADES.UNI-***@PLEIADES.UNI-WUPPERTAL.DE, Clients
credentials have been revoked
while the same works on the secondary server.
I read
http://web.mit.edu/kerberos/krb5-devel/doc/admin/lockout.html
but this did not give me a clue how to get out of this.
I am pretty sure that I never entered a wrong password, but of course
someone could have tried to log in on the Web interface.
Any idea how this can be resolved?
Kind regards
Torsten
--
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
<> <>
<> Dr. Torsten Harenberg ***@physik.uni-wuppertal.de <>
<> Bergische Universitaet <>
<> FB C - Physik Tel.: +49 (0)202 439-3521 <>
<> Gaussstr. 20 Fax : +49 (0)202 439-2811 <>
<> 42097 Wuppertal <>
<> <>
<><><><><><><>< Of course it runs NetBSD http://www.netbsd.org ><>
I cannot get an "admin" kerberos token anymore on our main IPA server:
[***@ipa log]# kinit admin
kinit: Clients credentials have been revoked while getting initial
credentials
Sep 03 11:02:30 ipa.pleiades.uni-wuppertal.de krb5kdc[1351](info):
AS_REQ (6 etypes {18 17 16 23 25 26}) 132.195.124.12: LOCKED_OUT:
***@PLEIADES.UNI-WUPPERTAL.DE for
krbtgt/PLEIADES.UNI-***@PLEIADES.UNI-WUPPERTAL.DE, Clients
credentials have been revoked
also login via HTTP is not possible anymore:
Sep 03 11:04:52 ipa.pleiades.uni-wuppertal.de krb5kdc[1351](info):
AS_REQ (6 etypes {18 17 16 23 25 26}) 132.195.124.12: NEEDED_PREAUTH:
HTTP/ipa.pleiades.uni-***@PLEIADES.UNI-WUPPERTAL.DE for
krbtgt/PLEIADES.UNI-***@PLEIADES.UNI-WUPPERTAL.DE, Additional
pre-authentication required
Sep 03 11:04:52 ipa.pleiades.uni-wuppertal.de krb5kdc[1351](info):
closing down fd 11
Sep 03 11:04:52 ipa.pleiades.uni-wuppertal.de krb5kdc[1351](info):
AS_REQ (6 etypes {18 17 16 23 25 26}) 132.195.124.12: ISSUE: authtime
1441271092, etypes {rep=18 tkt=18 ses=18},
HTTP/ipa.pleiades.uni-***@PLEIADES.UNI-WUPPERTAL.DE for
krbtgt/PLEIADES.UNI-***@PLEIADES.UNI-WUPPERTAL.DE
Sep 03 11:04:52 ipa.pleiades.uni-wuppertal.de krb5kdc[1351](info):
closing down fd 11
Sep 03 11:04:52 ipa.pleiades.uni-wuppertal.de krb5kdc[1351](info):
AS_REQ (6 etypes {18 17 16 23 25 26}) 132.195.124.12: LOCKED_OUT:
***@PLEIADES.UNI-WUPPERTAL.DE for
krbtgt/PLEIADES.UNI-***@PLEIADES.UNI-WUPPERTAL.DE, Clients
credentials have been revoked
while the same works on the secondary server.
I read
http://web.mit.edu/kerberos/krb5-devel/doc/admin/lockout.html
but this did not give me a clue how to get out of this.
I am pretty sure that I never entered a wrong password, but of course
someone could have tried to log in on the Web interface.
Any idea how this can be resolved?
Kind regards
Torsten
--
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
<> <>
<> Dr. Torsten Harenberg ***@physik.uni-wuppertal.de <>
<> Bergische Universitaet <>
<> FB C - Physik Tel.: +49 (0)202 439-3521 <>
<> Gaussstr. 20 Fax : +49 (0)202 439-2811 <>
<> 42097 Wuppertal <>
<> <>
<><><><><><><>< Of course it runs NetBSD http://www.netbsd.org ><>
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project