Hi Rob, Apologies for the delay in responding to your message. I have been trying to investigate the issue by looking at the logs for KDC and httpd, but so far, I have not been able to find any useful information. I also attempted to enable debug mode in KDC, but it appears that there is no debug output available for the server.
The problem seems to occur when someone encounters it, such as when my colleagues are actively using certmonger and need to add hosts and certificates for their services. At times, the API suddenly throws error messages, and I have limited room to investigate the problem properly without resorting to restarting the service, which is not an ideal solution. I was hoping that someone could provide me with a general dataflow model from the time a basic command, such as 'ipa ca-show ipa', is issued until the result is returned. While I have a basic understanding of the Kerberos exchange, I tend to get lost when Apache mod_auth_gssapi and gssproxy are involved in the exchange, and I am unsure of who is requesting what. Maybe after that realization of where to look for the problem will come. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue