Looks like I get to answer my own question, FIPS mode breaks the normal OTP setup in RHEL8:
https://bugzilla.redhat.com/show_bug.cgi?id=1872689 Bleah. On Mon, Jan 9, 2023 at 11:15 PM BuzzSaw Code <buzzsaw.c...@gmail.com> wrote: > > I've setup some new RHEL8 KDCs that will use the otp feature - I have > this working on RHEL7 without issues. > > But on the RHEL8 hosts I'm getting "preauth (otp) verify failure: > Socket type not supported" errors. > > Each KDC has a local radius server listening on the IPv6 loopback, so > the kdc.conf has this for the otp config: > > [otp] > DEFAULT = { > server = localhost6:1812 > secret = mysecret > strip_realm = true > } > > Is there a way to debug the KDC process further to see why it doesn't > like that loopback without building a custom debug kdc ? ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
