How to generate a keytab on a RHEL7 IdM server for older IdM clients that do not support the new encryption types?

Solution Unverified - Updated -

Issue

  • I was trying for some time to follow the instructions from the manual to manually configure a system to be a IdM client.
  • The IdM server is a RHEL 7.0 server, the client is a RHEL 6.5 system. The keytab was exported on the RHEL 7 IdM server and copied to the RHEL 6.5 system.
  • It never worked. I compared this new system with an existing RHEL 6 system and noticed that there was a difference in the keytab in some of the encryption types.
  • So I tried to export the keytab on this particular client after installing the ipa-admintools. I copied the keytab and installed it on the target machine, restarted sssd and it instantly worked.
  • So I assume that you need to export the keytab on a machine with the same major RHEL release, or provide some other information (arguments) to create a valid keytab for use on a machine with another major release.

Environment

  • Red Hat Enterprise Linux 7 (IdM server)
  • Red Hat Enterprise Linux 6 (IdM client)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.