#4490 Confusing message in krb logs on the server
Closed: Invalid None Opened 9 years ago by dpal.

It seems that we have an incomplete pkinit configuration in krb5.conf on the server that renders this line in the kdc log.

Aug 13 14:03:25 <host> krb5kdc8425: preauth pkinit failed to initialize: No realms configured correctly for pkinit support

Here is the suspicious line in the krb5.conf

pkinit_anchors = FILE:/etc/ipa/ca.crt

As per information from Simo, this line is there on purpose to have clients prepared for PKINIT when FreeIPA server supports it.

As we plan to do PKINIT on the server, we will leave the line there.

Metadata Update from @dpal:
- Issue assigned to someone
- Issue set to the milestone: 0.0 NEEDS_TRIAGE

7 years ago

Login to comment on this ticket.

Metadata