On 4.1.2016 10:48, Martin Basti wrote:
>
>> [root@ipa01 ~]# kinit -k -t /etc/named.keytab DNS/ipa01.example.com
>> [root@ipa01 ~]# klist
>> Ticket cache: KEYRING:persistent:0:krb_ccache_th1WCcV
>> Default principal: DNS/ipa01.example....@example.com
>>
>> Valid starting       Expires              Service principal
>> 12/23/2015 02:07:14  12/24/2015 02:07:14  krbtgt/example....@example.com
>
> I have disabled unencrypted binds to 389, but I read somewhere this evening
> this should not be an issue since passwords were being sent and the STARTTLS
> is always being used.

Please write down *exact* configuration changes you did. Generally named-pkcs11 is using GSSAPI and not TLS, so it will not work if you enforced TLS on all connections.

--
Petr^2 Spacek