Cannot authenticate using Kerberos after upgrading Red Hat Identity Management

Solution Verified

Issue

  • After updating ipa-server to 4.10.1-3 or newer, domain users can no longer log in with Kerberos.

    $ kinit test
    Password for test@EXAMPLE.COM:
    kinit: Generic error (see e-text) while getting initial credentials
    
  • KDC logs in /var/log/krb5kdc.log might show the following error:

    May 25 10:19:05 idm.example.com krb5kdc[30843](info): AS_REQ (4 etypes {aes256-cts-hmac-sha1-96(18), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), aes128-cts-hmac-sha1-96(17)}) 127.0.0.1: HANDLE_AUTHDATA: test@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, No such file or directory
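
To check how widely a KDC is affected, the log line above can be matched mechanically. The following is an added example, not part of the original article and not Red Hat code: it picks out `AS_REQ` lines that failed with `HANDLE_AUTHDATA` and groups them by client principal. The function names and every sample line except the first are constructed for illustration.

```python
import re
from collections import defaultdict

# AS_REQ failure layout as shown in the article's /var/log/krb5kdc.log excerpt.
FAILURE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) krb5kdc\[\d+\]\(\w+\): "
    r"AS_REQ \(\d+ etypes \{(?P<etypes>[^}]*)\}\) (?P<addr>\S+): "
    r"HANDLE_AUTHDATA: (?P<client>\S+) for (?P<service>[^,]+), (?P<error>.*)$"
)

def parse_failure(line):
    """Return the fields of a HANDLE_AUTHDATA failure line, or None."""
    m = FAILURE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # "aes256-cts-hmac-sha1-96(18), ..." -> ["aes256-cts-hmac-sha1-96", ...]
    rec["etypes"] = [e.split("(")[0].strip() for e in rec["etypes"].split(",") if e.strip()]
    return rec

def summarize(lines):
    """Group failures by client principal: count, source addresses, first/last seen."""
    out = defaultdict(lambda: {"count": 0, "sources": set(), "first": None, "last": None})
    for line in lines:
        rec = parse_failure(line)
        if rec is None:
            continue
        entry = out[rec["client"]]
        entry["count"] += 1
        entry["sources"].add(rec["addr"])
        entry["first"] = entry["first"] or rec["ts"]
        entry["last"] = rec["ts"]
    return dict(out)

# Constructed sample input: line 1 is the article's log line, the rest are made up.
PREFIX = "idm.example.com krb5kdc[30843](info): "
ETYPES = "AS_REQ (2 etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17)}) "
TGT = "krbtgt/EXAMPLE.COM@EXAMPLE.COM"
SAMPLE = [
    "May 25 10:19:05 idm.example.com krb5kdc[30843](info): AS_REQ (4 etypes {aes256-cts-hmac-sha1-96(18), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), aes128-cts-hmac-sha1-96(17)}) 127.0.0.1: HANDLE_AUTHDATA: test@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, No such file or directory",
    f"May 25 10:19:07 {PREFIX}{ETYPES}192.0.2.10: HANDLE_AUTHDATA: test@EXAMPLE.COM for {TGT}, No such file or directory",
    f"May 25 10:19:09 {PREFIX}{ETYPES}192.0.2.11: NEEDED_PREAUTH: alice@EXAMPLE.COM for {TGT}, Additional pre-authentication required",
    f"May 25 10:19:10 {PREFIX}closing down fd 11",
]

if __name__ == "__main__":
    for principal, entry in summarize(SAMPLE).items():
        print(principal, entry["count"], sorted(entry["sources"]), entry["first"], entry["last"])
```

On a KDC, pass the open log file to `summarize()` in place of `SAMPLE`, for example `summarize(open("/var/log/krb5kdc.log"))`.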
    

Environment

  • Red Hat Enterprise Linux Server (RHEL) 9
  • Red Hat Identity Management (IdM)
  • ipa-server-4.10.1-3.el9 and newer
