Hi, I have FreeIPA and Cockpit on the same machine.
Unfortunately, I am unable to log in to cockpit.
I have only one keytab: /etc/krb5.keytab (no keytab in /etc/cockpit)
Looks like I have HTTP there already as well
~~~~
$ ipa service-add HTTP/myserver.mydomain.com@MYDOMAIN.COM
ipa: ERROR: service with name "HTTP/myserver.mydomain.com@MYDOMAIN.COM" already exists
~~~~
But cockpit is saying otherwise. Not sure how I can check which keytab file cockpit is
trying to read from.
I am also getting 'Unknown certificate'. Not sure if there is anything I can/should
do about it?
I am not a power user and I would appreciate any suggestions. Thanks!
~~~~
cockpit-ws loaded 1 certificates from /etc/cockpit/ws-certs.d/0-self-signed.cert
cockpit-ws Using certificate: /etc/cockpit/ws-certs.d/0-self-signed.cert
cockpit-ws couldn't read from connection: Peer sent fatal TLS alert: Unknown certificate
cockpit-ws [34B blob data]
cockpit-ws received unknown/invalid credential cookie
cockpit-ws spawning /usr/libexec/cockpit-session
cockpit-ws received authorize challenge
cockpit-ws cockpit-session: gssapi auth failed: Request ticket server HTTP/myserver.mydomain.com@MYDOMAIN.COM not found in keytab (ticket kvno 1)
cockpit-ws session initialized
cockpit-ws cockpit-session: authentication-failed Authentication failure
cockpit-ws web service closing
cockpit-session: pam_sss(cockpit:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost=10.0.1.4 user=myuser
cockpit-session: pam_ssh_add: Identity added: /home/myuser/.ssh/id_rsa (myuser@mydomain.com)
cockpit-session: pam_unix(cockpit:session): session opened for user myuser by (uid=0)
cockpit-ws 3: Permission denied.
cockpit-session: pam_unix(cockpit:session): session closed for user myuser
cockpit-ws cockpit-session: authentication process exited: 256; problem access-denied
cockpit-ws web service closing
cockpit-ws auth is idle
~~~~
~~~~
$ klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
2 host/myserver.mydomain.com@MYDOMAIN.COM
2 host/myserver.mydomain.com@MYDOMAIN.COM
2 host/myserver.mydomain.com@MYDOMAIN.COM
2 host/myserver.mydomain.com@MYDOMAIN.COM
2 host/myserver.mydomain.com@MYDOMAIN.COM
2 host/myserver.mydomain.com@MYDOMAIN.COM
1 nfs/myserver.mydomain.com@MYDOMAIN.COM
1 nfs/myserver.mydomain.com@MYDOMAIN.COM
1 libvirt/myserver.mydomain.com@MYDOMAIN.COM
1 libvirt/myserver.mydomain.com@MYDOMAIN.COM
1 vnc/myserver.mydomain.com@MYDOMAIN.COM
1 vnc/myserver.mydomain.com@MYDOMAIN.COM
~~~~
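
A small check over the two outputs in the post above, added here as an example (not code from the original post, Cockpit or FreeIPA): it takes the principal and kvno named in the `gssapi auth failed` line and looks them up in the `klist -k` listing. The sample strings are constructed from the post, shortened and with `@` written in the principal names; the function names are hypothetical.

```python
import re

# Constructed sample input: the failing log line and a shortened `klist -k`
# listing from the post, with "@" written in the principal names.
LOG_LINE = ("cockpit-ws cockpit-session: gssapi auth failed: Request ticket server "
            "HTTP/myserver.mydomain.com@MYDOMAIN.COM not found in keytab (ticket kvno 1)")
KLIST_OUTPUT = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------
   2 host/myserver.mydomain.com@MYDOMAIN.COM
   1 nfs/myserver.mydomain.com@MYDOMAIN.COM
   1 libvirt/myserver.mydomain.com@MYDOMAIN.COM
   1 vnc/myserver.mydomain.com@MYDOMAIN.COM
"""

def parse_keytab_listing(text):
    """Map each principal in `klist -k` output to the set of kvnos listed for it."""
    entries = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(\S+@\S+)\s*$", line)  # "<kvno> <principal>"
        if m:
            entries.setdefault(m.group(2), set()).add(int(m.group(1)))
    return entries

def parse_gssapi_failure(line):
    """Return (principal, kvno) from a 'not found in keytab' error, else None."""
    m = re.search(r"Request ticket server (\S+) not found in keytab "
                  r"\(ticket kvno (\d+)\)", line)
    return (m.group(1), int(m.group(2))) if m else None

def diagnose(log_line, klist_text):
    """Classify why the service ticket could not be matched to a keytab entry."""
    wanted = parse_gssapi_failure(log_line)
    if wanted is None:
        return "no-keytab-error"
    principal, kvno = wanted
    kvnos = parse_keytab_listing(klist_text).get(principal)
    if kvnos is None:
        return "principal-missing"   # no key at all for this service name
    if kvno not in kvnos:
        return "kvno-mismatch"       # key exists, but not the version the ticket used
    return "key-present"

if __name__ == "__main__":
    print(diagnose(LOG_LINE, KLIST_OUTPUT))
```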