[Freeipa-devel] setting passwords stopped working
Simo Sorce
ssorce at redhat.com
Mon Jun 23 18:19:26 UTC 2008
On Mon, 2008-06-23 at 17:18 +0100, Matt Bernstein wrote:
> Hi, not sure where better to send this so here goes..
>
> I installed Fedora 9 FreeIPA (1.0) a couple of weeks ago, and yum has
> since upgraded it to 1.1. Things seem to be pretty good, except changing
> (or setting new) passwords has stopped working. I don't know if the
> upgrade was the cause of the error, but I thought I'd better mention it.
>
> User's interaction:
>
> $ kinit -V tim
> Password for tim at TEST.EECS.QMUL.AC.UK:
> Password expired. You must change it now.
> Enter new password:
> Enter it again:
> kinit(v5): Password change failed while getting initial credentials
>
> >From krb5kdc.log:
>
> Jun 23 17:06:43 eagle krb5kdc[1357](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 138.37.95.132: CLIENT KEY EXPIRED: tim at TEST.EECS.QMUL.AC.UK for krbtgt/TEST.EECS.QMUL.AC.UK at TEST.EECS.QMUL.AC.UK, Password has expired
> Jun 23 17:06:43 eagle krb5kdc[1357](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 138.37.95.132: NEEDED_PREAUTH: tim at TEST.EECS.QMUL.AC.UK for kadmin/changepw at TEST.EECS.QMUL.AC.UK, Additional pre-authentication required
> Jun 23 17:06:45 eagle krb5kdc[1357](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 138.37.95.132: ISSUE: authtime 1214237205, etypes {rep=18 tkt=18 ses=18}, tim at TEST.EECS.QMUL.AC.UK for kadmin/changepw at TEST.EECS.QMUL.AC.UK
> Jun 23 17:06:46 eagle krb5kdc[1357](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 138.37.95.132: NEEDED_PREAUTH: kadmin/changepw at TEST.EECS.QMUL.AC.UK for krbtgt/TEST.EECS.QMUL.AC.UK at TEST.EECS.QMUL.AC.UK, Additional pre-authentication required
> Jun 23 17:06:46 eagle krb5kdc[1357](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 138.37.95.132: ISSUE: authtime 1214237206, etypes {rep=18 tkt=18 ses=18}, kadmin/changepw at TEST.EECS.QMUL.AC.UK for krbtgt/TEST.EECS.QMUL.AC.UK at TEST.EECS.QMUL.AC.UK
> Jun 23 17:06:46 eagle krb5kdc[1357](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 138.37.95.132: ISSUE: authtime 1214237206, etypes {rep=18 tkt=18 ses=18}, kadmin/changepw at TEST.EECS.QMUL.AC.UK for ldap/eagle.test.eecs.qmul.ac.uk at TEST.EECS.QMUL.AC.UK
>
> >From syslog:
>
> Jun 23 17:06:46 eagle kpasswd[1852]: ldap_parse_result(): [Password generation not implemented.#012]
> Jun 23 17:06:46 eagle kpasswd[1852]: Password change failed
Matt,
can your run ldd /usr/sbin/ipa_kpasswd and paste here the output ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list