After updating ipa-server to 4.10.1-3 or newer, domain users cannot login anymore with Kerberos.

$ kinit test
Password for [email protected]:
kinit: Generic error (see e-text) while getting initial credentials

KDC logs in /var/log/krb5kdc.log might show the following error:

May 25 10:19:05 idm.example.com krb5kdc[30843](info): AS_REQ (4 etypes {aes256-cts-hmac-sha1-96(18), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), aes128-cts-hmac-sha1-96(17)}) 127.0.0.1: HANDLE_AUTHDATA: [email protected] for krbtgt/[email protected], No such file or directory
                  

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content

Here are the common uses of Markdown.

Code blocks
~~~
Code surrounded in tildes is easier to read
        
Links/URLs
[Red Hat Customer Portal](https://access.redhat.com)
Learn more Are you sure you want to update a translation? It seems an existing English Translation exists already. We appreciate your interest in having Red Hat content localized to your language. Please note that excessive use of this feature could cause delays in getting specific content you are interested in translated.