While setting up FreeIPA I got this error message:
[root@ldap]# ipa-pwpolicy --show
Could not initialize GSSAPI: ('Unspecified GSS Failure. Minor code may provide more information', 851968)/('No credentials cache found', -1765328189)
The solution was not pointed out directly, but the FreeIPA documentation said that you should first log in to Kerberos:
kinit admin
then the following commands should work:
ldapsearch -Y GSSAPI -b "dc=phz,dc=fi" uid=admin
ipa-pwpolicy --show
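
The same check as a pre-flight guard for scripts, as an added example that is not part of the original post: it tests for a valid ticket with `klist -s` before running a GSSAPI-authenticated command, so a missing credentials cache is reported with the fix instead of the raw GSS failure. The function names and the `KRB_PRINCIPAL` / `KRB_KEYTAB` variables are hypothetical, and the keytab path assumes a keytab has already been provisioned for the principal.

```bash
#!/bin/bash
# Added example (not from the original post): make sure a Kerberos ticket
# exists before running GSSAPI-authenticated commands such as
# ldapsearch -Y GSSAPI or ipa-pwpolicy.

# Returns 0 if the credentials cache holds a valid, non-expired ticket.
# `klist -s` prints nothing and reports the result only via its exit status.
have_ticket() {
    klist -s 2>/dev/null
}

# Returns 0 when a ticket is available.
# Returns 2 when there is none and no keytab was configured (interactive fix).
# Returns 3 when a keytab was configured but kinit could not use it.
# KRB_PRINCIPAL (hypothetical) defaults to "admin" as in the post.
# KRB_KEYTAB (hypothetical) is an optional keytab path for unattended jobs.
ensure_ticket() {
    have_ticket && return 0
    if [ -n "${KRB_KEYTAB:-}" ]; then
        # Non-interactive path: obtain a ticket from the keytab, then re-check.
        kinit -k -t "$KRB_KEYTAB" "${KRB_PRINCIPAL:-admin}" >/dev/null 2>&1 \
            && have_ticket && return 0
        echo "kinit with keytab $KRB_KEYTAB failed for ${KRB_PRINCIPAL:-admin}" >&2
        return 3
    fi
    echo "No valid Kerberos ticket; run: kinit ${KRB_PRINCIPAL:-admin}" >&2
    return 2
}

# Runs the given command only when a ticket is available.
# Usage: with_ticket ipa-pwpolicy --show
with_ticket() {
    ensure_ticket || return $?
    "$@"
}
```

Source the file and prefix a command with `with_ticket`; an exit status of 2 or 3 means the command was never started.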