Hello,


We have Kerberos authentication failing on our replica server as well as client. We are also not able to add any more client or replica server.


Master FreeIPA server ds01:/etc/krb5.keytab, we get multiple entries.


[root@ds01 log]# klist -kt /etc/krb5.keytab 
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp           Principal
---- -------------------
------------------------------------------------------
   2 02/02/2015 19:33:04 host/ds01.domain.com@DOMAIN.COM
   2 02/02/2015 19:33:04 host/ds01.domain.com@DOMAIN.COM
   2 02/02/2015 19:33:04 host/ds01.domain.com@DOMAIN.COM
   2 02/02/2015 19:33:04 host/ds01.domain.com@DOMAIN.COM
   5 06/21/2017 15:44:40 host/ds02.domain.com@DOMAIN.COM
   5 06/21/2017 15:44:40 host/ds02.domain.com@DOMAIN.COM
   5 06/21/2017 15:44:40 host/ds02.domain.com@DOMAIN.COM
   5 06/21/2017 15:44:40 host/ds02.domain.com@DOMAIN.COM
   5 06/21/2017 15:44:40 host/ds02.domain.com@DOMAIN.COM
   2 08/07/2017 14:09:27 host/ds01.domain.com@DOMAIN.COM
   2 08/07/2017 14:09:27 host/ds01.domain.com@DOMAIN.COM
   2 08/07/2017 14:09:27 host/ds01.domain.com@DOMAIN.COM
   2 08/07/2017 14:09:27 host/ds01.domain.com@DOMAIN.COM

We had someone else trying to help us and now we have this issue.

  1. How can we remove newer entries?
  2. can we reset the krb5.keytab and if yes what will be the implication on replicas and client?

Thank you,
Bhavin