[Freeipa-users] Problem with Kerberos Authentication

Jenny Galipeau jgalipea at redhat.com
Wed Sep 23 12:45:47 UTC 2009


Michael Kang wrote:
> Dear FreeIPA community,
>
> I did try to set the new user's initial password. But it didn't work 
> either. I got a protocol error.
>
> Here is the console output:
>
>     [root@freeipa ~]# kinit admin
>     Password for admin@ARAGON.LOCAL:
>     [root@freeipa ~]# ipa-passwd haha
>     Changing password for haha@ARAGON.LOCAL
>     New Password:
>     Confirm Password:
>     [root@freeipa ~]# kinit haha
>     Password for haha@ARAGON.LOCAL:
>     Password expired. You must change it now.
>     Enter new password:
>     Enter it again:
>     kinit(v5): Requested protocol version not supported while getting initial credentials
>

Sounds like a Kerberos V4 request was sent to the KDC? What's in the 
client's krb5.conf?
Jenny
>
>
> On Tue, Sep 22, 2009 at 9:22 PM, Jenny Galipeau <jgalipea at redhat.com> wrote:
>
>     Jenny Galipeau wrote:
>
>
>         Michael Kang wrote:
>
>             Dear FreeIPA community,
>
>             I successfully installed FreeIPA this morning. Now I have a
>             problem with Kerberos authentication. A new user cannot
>             modify their password in the shell.
>
>         Hi Michael:
>         Did you set the new user's initial password?
>         kinit admin
>         ipa passwd haha
>         Thanks
>         Jenny
>
>     Also kinit as haha, because haha will be asked to change the
>     password on first authentication.
>
>     Thanks
>     Jenny
>
>
>             I added a new user named haha (group: ipauser) based on
>             the webUI. This user is not an existing system user. Then I
>             added a new delegation (allowing people in group ipauser to
>             modify the password for group ipauser).
>
>             [michael@freeipa Desktop]$ su - haha
>             Password:
>
>             Warning: Your password will expire in less than one hour.
>             Warning: password has expired.
>             Kerberos 5 Password:
>             Warning: Your password will expire in less than one hour.
>             New UNIX password:
>             Retype new UNIX password:
>             su: incorrect password
>             [michael@freeipa Desktop]$ su - root
>             Password:
>             [root@freeipa ~]# su - haha
>             su: warning: cannot change directory to /home/haha: No such file or directory
>             -sh-3.2$
>
>
>             Root can su - haha successfully. I think that means
>             Kerberos works, but a new user cannot reset their password
>             in their shell.
>
>             What should I do?
>
>             Best Regards,
>             Michael
>
>             -- 
>             Michael Kang(康上明学)
>             There is a giant asleep within every man. When the giant
>             awakens,miracles happen.
>
>             Personal blog: http://ufusion.org - United Fusion
>
>     -- 
>     Jenny Galipeau <jgalipea at redhat.com>
>     Principal Software QA Engineer
>     Red Hat, Inc. Security Engineering
>
>
>
>
> -- 
> Michael Kang(康上明学)
> There is a giant asleep within every man. When the giant 
> awakens,miracles happen.
>
> Personal blog: http://ufusion.org - United Fusion


-- 
Jenny Galipeau <jgalipea at redhat.com>
Principal Software QA Engineer
Red Hat, Inc. Security Engineering



