[Freeipa-users] Problem with Kerberos Authentication
Jenny Galipeau
jgalipea at redhat.com
Wed Sep 23 12:45:47 UTC 2009
Michael Kang wrote:
> Dear FreeIPA community,
>
> I did try to set the new user's initial password. But it didn't work
> either. I got a protocol error.
>
> Here is the output of the console:
>
> [root@freeipa ~]# kinit admin
> Password for admin@ARAGON.LOCAL:
> [root@freeipa ~]# ipa-passwd haha
> Changing password for haha@ARAGON.LOCAL
> New Password:
> Confirm Password:
> [root@freeipa ~]# kinit haha
> Password for haha@ARAGON.LOCAL:
> Password expired. You must change it now.
> Enter new password:
> Enter it again:
> kinit(v5): Requested protocol version not supported while getting
> initial credentials
>
Sounds like a Kerberos V4 request was sent to the KDC? What's in the
client's krb5.conf?
Jenny
>
>
> On Tue, Sep 22, 2009 at 9:22 PM, Jenny Galipeau <jgalipea at redhat.com
> <mailto:jgalipea at redhat.com>> wrote:
>
> Jenny Galipeau wrote:
>
>
> Michael Kang wrote:
>
> Dear FreeIPA community,
>
> I successfully installed FreeIPA this morning. Now I have a
> problem with Kerberos authentication. New users cannot
> modify their password in the shell.
>
> Hi Michael:
> Did you set the new user's initial password?
> kinit admin
> ipa passwd haha
> Thanks
> Jenny
>
> Also kinit as haha, because haha will be asked to change the
> password on first authentication.
>
> Thanks
> Jenny
>
>
> I added a new user named /haha (group: ipauser)/ based on
> the webUI. This user is not an existing system user. Then I
> added a new Delegation (allow people in group ipauser to
> modify passwords for group ipauser).
>
> /[michael@freeipa Desktop]$ su - haha/
> /Password: /
>
> /Warning: Your password will expire in less than one hour./
> /Warning: password has expired./
> /Kerberos 5 Password: /
> /Warning: Your password will expire in less than one hour./
> /New UNIX password: /
> /Retype new UNIX password: /
> /su: incorrect password/
> /[michael@freeipa Desktop]$ su - root/
> /Password: /
> /[root@freeipa ~]# su - haha/
> /su: warning: cannot change directory to /home/haha: No such file or directory/
> /-sh-3.2$ /
>
>
> Root can su - haha successfully. I think that means
> Kerberos works, but a new user cannot reset their password
> in their shell.
>
> What should I do?
>
> Best Regards,
> Michael
>
> --
> Michael Kang(康上明学)
> There is a giant asleep within every man. When the giant
> awakens,miracles happen.
>
> Personal blog: http://ufusion.org - United Fusion
>
> --
> Jenny Galipeau <jgalipea at redhat.com <mailto:jgalipea at redhat.com>>
> Principal Software QA Engineer
> Red Hat, Inc. Security Engineering
--
Jenny Galipeau <jgalipea at redhat.com>
Principal Software QA Engineer
Red Hat, Inc. Security Engineering