[Freeipa-users] Upgraded server from Fedora 13 to 14: Cannot reset user passwords
Simo Sorce
ssorce at redhat.com
Fri Dec 17 18:25:32 UTC 2010
On Fri, 17 Dec 2010 10:47:06 -0500
Dan Scott <danieljamesscott at gmail.com> wrote:
> Hi,
>
> I have recently upgraded one of our server from Fedora 13 to 14.
> Recently, I noticed that I cannot reset user passwords any more:
>
> A database error occurred: Operations error: Failed to update password
>
> The log file contains the following entries:
> [16/Dec/2010:10:47:08 -0500] ipa_pwd_extop - encoding asn1
> EncryptionKey failed [16/Dec/2010:10:47:08 -0500] ipa_pwd_extop -
> encoding asn1 KrbSalt failed [16/Dec/2010:10:47:08 -0500]
> ipa_pwd_extop - key encryption/encoding failed
>
> Packages:
> 389-ds-base-1.2.7.4-1.fc14.x86_64
> ipa-server-1.2.2-5.fc14.x86_64
>
> This appears similar to a bug reported a couple of weeks ago:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=658832
>
> Although the above report is related to ipa-getkeytab rather than
> ipa-passwd. If they are the same issue, then this bug is more serious
> since I can't create new users or allow password changes.
Yes it is almost certainly the same issue, as the ipa-pwd-exop plugin
handles all password changes and keytab issuance.
> Does anyone have a status on this?
We have a patch for the v2 version of the plugins but haven't yet found
the time to backport to 1.2.2.
A workaround is to downgrade DS to a version not compiled with openldap
libs (or recompile it with mozldap).
If you look in this list archives you will also find that Thomas Sailer
has created a backport of the patch and posted a srpm on his fedora
people page.
We hope to address the issue as soon as possible, but we are short on
time in this period.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list