I manage two Kerberos 5 (non-IPA) realms, CLUENET.ORG and NULLROUTE.EU.ORG; both of them fail with `realm discover` because the KDCs do not have web servers configured for HTTPS: $ realm discover -v NULLROUTE.EU.ORG * Searching for kerberos SRV records for domain: _kerberos._udp.nullroute.eu.org * Searching for MSDCS SRV records on domain: _kerberos._tcp.dc._msdcs.nullroute.eu.org * virgule.cluenet.org:88 panther.nathan7.eu:88 * Trying to retrieve IPA certificate from virgule.cluenet.org * Trying to retrieve IPA certificate from panther.nathan7.eu ! Couldn't connect to check for IPA domain: Error performing TLS handshake: An unexpected TLS packet was received. ! Couldn't read certificate via HTTP: No PEM-encoded certificate found * Found kerberos DNS records for: nullroute.eu.org ! Failed to discover realm: No PEM-encoded certificate found realm: Couldn't discover realm: Failed to discover realm. See diagnostics. (returned 2) Using realmd 0.7-18-g90cf155.
Thank you for filing this bug. I think it's a duplicate. Could you try this with realmd git master if possible? *** This bug has been marked as a duplicate of bug 53958 ***
AFAICS, I am already using the latest git-master (commit 90cf155 in git://anongit.freedesktop.org/realmd/realmd). Note that discovery works fine with realms where KDCs do not run HTTP or HTTPS at all, e.g. ATHENA.MIT.EDU or ANDREW.CMU.EDU.
Seems to be fixed in latest master. Thanks.
Thanks for testing. I was just going to post the related commits: http://cgit.freedesktop.org/realmd/realmd/commit/?id=65595235e949a36938b5b46128b755de38f3c194 http://cgit.freedesktop.org/realmd/realmd/commit/?id=151988745bdb8b7e1ff34ac718e9fab40f7f4502 http://cgit.freedesktop.org/realmd/realmd/commit/?id=3dd23522a6dfdda207fe00cb2dc301f3612b6039
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.