Hello,
We have Kerberos authentication failing on our replica server as well as on the client. We are also not able to add any more clients or replica servers.
On the master FreeIPA server, in ds01:/etc/krb5.keytab, we get multiple entries.
[root@ds01 log]# klist -kt /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp Principal
---- ------------------- ------------------------------------------------------
2 02/02/2015 19:33:04 host/ds01.domain.com@DOMAIN.COM
2 02/02/2015 19:33:04 host/ds01.domain.com@DOMAIN.COM
2 02/02/2015 19:33:04 host/ds01.domain.com@DOMAIN.COM
2 02/02/2015 19:33:04 host/ds01.domain.com@DOMAIN.COM
5 06/21/2017 15:44:40 host/ds02.domain.com@DOMAIN.COM
5 06/21/2017 15:44:40 host/ds02.domain.com@DOMAIN.COM
5 06/21/2017 15:44:40 host/ds02.domain.com@DOMAIN.COM
5 06/21/2017 15:44:40 host/ds02.domain.com@DOMAIN.COM
5 06/21/2017 15:44:40 host/ds02.domain.com@DOMAIN.COM
2 08/07/2017 14:09:27 host/ds01.domain.com@DOMAIN.COM
2 08/07/2017 14:09:27 host/ds01.domain.com@DOMAIN.COM
2 08/07/2017 14:09:27 host/ds01.domain.com@DOMAIN.COM
2 08/07/2017 14:09:27 host/ds01.domain.com@DOMAIN.COM
We had someone else trying to help us and now we have this issue.
- How can we remove newer entries?
- Can we reset the krb5.keytab, and if yes, what will be the implications for the replicas and clients?
Thank you,
Bhavin