On 21/06/2022 19:45, Rob Crittenden wrote:
It seems to be an interop problem between the server and client. The RHEL 9 server is wrapping the secret with AES but the client is trying to use TripleDES (and only supports 3DES).
Upstream ticket https://pagure.io/freeipa/issue/6524 changed from a hardcoded wrapping algorithm to be more flexible but this is apparently not backwards compatible.
I'm not deeply familiar with this wrapping code so I don't know if there is a workaround yet.
Any chance you can file a RHEL-8 bug against ipa for this while I continue looking?
thanks
rob
Thanks Rob, here you go
https://bugzilla.redhat.com/show_bug.cgi?id=2100115