ubccr / mokey

FreeIPA self-service account management portal
BSD 3-Clause "New" or "Revised" License

API error; invalid certificate #25

Closed RutgerKe closed 5 years ago

RutgerKe commented 5 years ago

After installing and running mokey on the FreeIPA server itself I get the following error when trying to log in.

ipa_client_error="Post https://localhost/ipa/session/login_password: x509: certificate is valid for ipa.example.com

It makes sense, localhost is not correct in that request and does not match the name on the certificate. I can't however figure out where it got that in the first place. When running mokey with debug I do get the correct name in INFO[0000] IPA server: ipa.example.com and it is specified in the mokey config.

Do you maybe have an idea what's causing this? Or an idea on how to override the URL?

Thanks in advance!


aebruno commented 5 years ago

Apologies for the confusion. We need to remove the 'ipahost' config option as it's no longer used. mokey uses goipa client and this library reads the ipahost information from /etc/ipa/default.conf. If this file does not exist it defaults to 'localhost'. You can see the relevant init code here.

It is assumed that the host you're running mokey from is enrolled in FreeIPA and will have a /etc/ipa/default.conf file. If this is not the case, you may be able to just create this file and restart mokey (assuming you have the correct kerberos creds etc), however this has not been tested. Here's an example of what /etc/ipa/default.conf looks like on an enrolled FreeIPA client:

#File modified by ipa-client-install

[global]
basedn = dc=example,dc=com
realm = EXAMPLE.COM
domain = example.com
server = replica1.example.com
host = host.example.com
xmlrpc_uri = https://replica1.example.com/ipa/xml
enable_ra = True

Note you'll also need /etc/ipa/ca.crt to be the CA cert for your FreeIPA replicas.

Hope this helps.

RutgerKe commented 5 years ago

Thanks for your quick response! The file does exist, but it did not have a server entry. Adding the relevant entry solved the problem. The CA cert was also already installed.

I'm not sure why it was missing, maybe because it isn't a fresh install and had some old config? In any case, thank you! 😄
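Added example, not code from this issue or from mokey/goipa: it models the fallback both comments describe (no /etc/ipa/default.conf, or a default.conf with no server entry, both end up as "localhost") and adds the pre-flight check an operator would want, namely verifying the configured server name against the HTTP certificate, chained to the trust root that /etc/ipa/ca.crt would provide, before any password is posted. The ini reader, the function names, the sample conf texts and the self-signed certificate are constructed for illustration; goipa's real parser and FreeIPA's real certificate issuance are not reproduced here.

```go
package main

import (
	"bufio"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// defaultIPAHost mirrors the fallback the maintainer describes: with no
// /etc/ipa/default.conf the client ends up talking to "localhost".
const defaultIPAHost = "localhost"

// parseIPAGlobal is a minimal reader for the ini-style default.conf written
// by ipa-client-install; it returns the key/value pairs of the [global] section.
func parseIPAGlobal(text string) map[string]string {
	kv := map[string]string{}
	section := ""
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			section = strings.ToLower(strings.TrimSpace(line[1 : len(line)-1]))
			continue
		}
		if k, v, ok := strings.Cut(line, "="); ok && section == "global" {
			kv[strings.ToLower(strings.TrimSpace(k))] = strings.TrimSpace(v)
		}
	}
	return kv
}

// resolveIPAServer reproduces the two silent fallbacks seen in the issue and
// reports where the name came from, so it can be logged instead of guessed.
func resolveIPAServer(confText string, fileExists bool) (server, source string) {
	if !fileExists {
		return defaultIPAHost, "default (no config file)"
	}
	if s, ok := parseIPAGlobal(confText)["server"]; ok && s != "" {
		return s, "default.conf [global] server"
	}
	return defaultIPAHost, "default (config has no server entry)"
}

// checkServerCert does what the TLS client does before credentials are sent:
// chain the leaf to the trusted roots (the role of /etc/ipa/ca.crt) and match
// the configured server name against the certificate's SANs.
func checkServerCert(server string, roots *x509.CertPool, leaf *x509.Certificate) error {
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: server, Roots: roots})
	return err
}

// newSelfSignedServerCert builds throwaway test material (hypothetical, not how
// FreeIPA issues its HTTP certificate) so the check can run offline.
func newSelfSignedServerCert(dnsNames []string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: dnsNames[0]},
		DNSNames:              dnsNames,
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	// Constructed conf texts: the first is the shape RutgerKe hit (no server line).
	noServer := "#File modified by ipa-client-install\n[global]\nrealm = EXAMPLE.COM\ndomain = example.com\n"
	withServer := noServer + "server = ipa.example.com\n"

	cert, err := newSelfSignedServerCert([]string{"ipa.example.com"})
	if err != nil {
		panic(err)
	}
	roots := x509.NewCertPool()
	roots.AddCert(cert)

	for _, conf := range []string{noServer, withServer} {
		server, source := resolveIPAServer(conf, true)
		fmt.Printf("IPA server: %s (%s)\n", server, source)
		fmt.Printf("  POST https://%s/ipa/session/login_password -> %v\n",
			server, checkServerCert(server, roots, cert))
	}
}
```

Run stand-alone it prints the "localhost" resolution followed by the same "certificate is valid for ipa.example.com, not localhost" verification error from the report, then the corrected resolution with a nil error. The point of returning the source alongside the name is that a default of "localhost" should never be silent: log it at startup and refuse to post a password when the name does not verify.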