[Freeipa-devel] Failed to decrypt password

Eric vcardprocessor at vcardprocessor.com
Fri Aug 1 07:29:59 UTC 2008 

I added this rule:
--------------------
require {
        type proc_net_t;
        type ipa_kpasswd_t;
        class lnk_file read;
}
require {
        type proc_net_t;
        type ipa_kpasswd_t;
        class lnk_file read;
}
--------------------

But I'm still getting: kpasswd[28872]: Failed to decrypt password: Incorrect net address

Eric.


=============================================================

I tried on both the server and a client. The server has only one NIC.

I just updated to your testing release, still get error message: the kinit(v5): Cannot contact any KDC for requested realm while getting initial credentials

Here are my detailed logs:
--------------------------
Jul 30 11:10:54 directory yum: Updated: ipa-python-1.1.0-6.fc9.i386
Jul 30 11:10:54 directory yum: Updated: ipa-admintools-1.1.0-6.fc9.i386
Jul 30 11:10:55 directory yum: Updated: ipa-client-1.1.0-6.fc9.i386
Jul 30 11:11:22 directory kernel: SELinux: policy loaded with handle_unknown=allow
Jul 30 11:11:22 directory kernel: printk: 69 messages suppressed.
Jul 30 11:11:22 directory kernel: type=1403 audit(1217409082.231:881): policy loaded auid=0 ses=664
Jul 30 11:11:25 directory yum: Updated: ipa-server-selinux-1.1.0-6.fc9.i386
Jul 30 11:11:29 directory yum: Updated: ipa-server-1.1.0-6.fc9.i386
Jul 30 11:11:30 directory kpasswd[26824]: Setting up socket for [127.0.0.1]
Jul 30 11:11:30 directory kpasswd[26824]: Setting up socket for [10.0.0.5]
Jul 30 11:11:30 directory kpasswd[26824]: Setting up socket for [::1]
Jul 30 11:11:30 directory kernel: type=1400 audit(1217409090.414:882): avc:  denied  { read } for  pid=26824 comm="ipa_kpasswd" name="net" dev=proc ino=4026531868 scontext=unconfined_u:system_r:ipa_kpasswd_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=lnk_file
Jul 30 11:11:30 directory kpasswd[26824]: Setting up socket for [fe80::216:3eff:fe3e:d8a4%eth0]
Jul 30 11:15:17 directory kpasswd[26875]: Failed to decrypt password: Incorrect net address
Jul 30 11:15:54 directory kpasswd[26880]: Failed to decrypt password: Incorrect net address
--------------------------

Eric.

=============================================================
Are you performing kinit on the IPA server  or on a client ?
Does your IPA server have multiple NICs ?

Simo.

On Wed, 2008-07-02 at 15:11 -0700, Eric wrote:
> This is what I have:
>
> Name       : ipa-server
> Arch       : i386
> Version    : 1.1.0
> Release    : 4.fc9
>
> Eric.
>
> =============================================================
> On Wed, 2008-07-02 at 14:32 -0700, Eric wrote:
> > Hello,
> >
> > When the system requests a new password when I do 'kinit user1' for the first time, I get the following error:
> >
> > kinit(v5): Cannot contact any KDC for requested realm while getting initial credentials
> > kpasswd[1928]: Failed to decrypt password: Incorrect net address
> >
> > Is it a DNS problem?
>
> No, I think you are using an older version of freeipa, we fixed some
> problems with ipa_kpasswd and multihomed systems that might cause this
> error, what version are you using ?
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
>
>
--
Simo Sorce * Red Hat, Inc * New York

More information about the Freeipa-devel mailing list