[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
Date: Wed, 21 Dec 2022 22:37:35 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268186

--- Comment #46 from Cy Schubert <cy@FreeBSD.org> ---
Looking further at FreeIPA, there is no way to use MIT KRB5 kadmin command to manage or even look at the database because there is no kadmin ACL file. FreeIPA must be managed through ipa-* commands.

I think someone will need to port FreeIPA to FreeBSD ports because there is no way to run ipa-join on FreeBSD.

In MIT KRB5 and Heimdal KRB5 one needs to add a host principal using the kadmin command, store the key into a keytab and copy that keytab to /etc. This must be done before anyone can log into the server.

In Active Directory one must use winbind (or sssd) and join the server to Active Directory using net ads join. This must be done before anyone can log into the server.

In FreeIPA one must run ipa-join to add the server principal to the realm. This is similar in concept to joining a server object to an Active Directory domain. I don't know how you can do this without porting FreeIPA's client software to FreeBSD.

I think the ask here is to find someone willing to port FreeIPA to FreeBSD or create a port yourself and submit it for inclusion into the ports collection.

--
You are receiving this mail because:
You are the assignee for the bug.