Dear FreeIPA community, I did try set the new user's initial password. But it didn't work either. I got a protocol error. Here is the output of console : <blockquote>[root@freeipa ~]# kinit admin Password for admin@ARAGON.LOCAL: [root@freeipa ~]# ipa-passwd haha Changing password for haha@ARAGON.LOCAL New Password: Confirm Password: [root@freeipa ~]# kinit haha Password for haha@ARAGON.LOCAL: Password expired. You must change it now. Enter new password: Enter it again: kinit(v5): Requested protocol version not supported while getting initial credentials </blockquote> <div class="gmail_quote"> On Tue, Sep 22, 2009 at 9:22 PM, Jenny Galipeau <<a href="mailto:jgalipea@redhat.com">jgalipea@redhat.com</a>> wrote: <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> <div class="im">Jenny Galipeau wrote: <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> Michael Kang wrote: <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> Dear FreeIPA community, I successfully installed FreeIPA this morning. Now I got a problem about Kerberos Authentication. New user cannot modify their password in shell. </blockquote> Hi Michael: Did you set the new user's initial password? kinit admin ipa passwd haha Thanks Jenny </blockquote></div> Also kinit as haha, because haha will be asked to change the password on first authentication.<div><div></div><div class="h5"> Thanks Jenny <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> I added a new user named /haha(group: ipauser)/ based on the webUI. This user is not a existed system user. Then I added a new Delegations(allow people in group ipauser can modify password for group ipauser) . /[michael@freeipa Desktop]$ su - haha/ /Password: / /Warning: Your password will expire in less than one hour./ /Warning: password has expired./ /Kerberos 5 Password: / /Warning: Your password will expire in less than one hour./ /New UNIX password: / /Retype new UNIX password: / /su: incorrect password/ /[michael@freeipa Desktop]$ su - root/ /Password: / /[root@freeipa ~]# su - haha/ /su: warning: cannot change directory to /home/haha: No such file or directory/ /-sh-3.2$ / Root can su - haha successfully. I think that means the Kerberos works, but new user cannot reset their password in their shell. What should I do? Best Regards, Michael -- Michael Kang（康上明学） There is a giant asleep within every man. When the giant awakens,miracles happen. Personal blog: <a href="http://ufusion.org" target="_blank">http://ufusion.org</a> - United Fusion ------------------------------------------------------------------------ _______________________________________________ Freeipa-users mailing list <a href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a> </blockquote> </blockquote> -- Jenny Galipeau <<a href="mailto:jgalipea@redhat.com" target="_blank">jgalipea@redhat.com</a>> Principal Software QA Engineer Red Hat, Inc. Security Engineering </div></div></blockquote></div> -- Michael Kang（康上明学） There is a giant asleep within every man. When the giant awakens,miracles happen. Personal blog: <a href="http://ufusion.org">http://ufusion.org</a> - United Fusion