[Freeipa-users] Unable to change Admin password
Uzor Ide
ide4you at gmail.com
Wed Jan 12 18:58:31 UTC 2011
Hello List
We are having problem with changing/reseting password. Even the admin
password cannot be changed. During login users with expired passwords are
warned that their password has expired and forced to change their password.
But when the type new password, the operation fails with error
"Authentication token manipulation error"
When I tried the change the admin krb5 password from the ipa-server I got
the following error
"Cannot contact any KDC for requested realm while getting initial
credentials"
That's surprising because the KDC hostname resolves properly.
This what's in the krb5kdc.log each time
Jan 12 13:30:27 ipaserver.mycompany.com krb5kdc[1382](info): AS_REQ (7
etypes {18 17 16 23 1 3 2}) 192.168.1.12: ISSUE: authtime 1294857027, etypes
{rep=18 tkt=18 ses=18}, admin at MYCOMPANY.COM for kadmin/
changepw at MYCOMPANY.COM
Jan 12 13:30:39 ipaserver.mycompany.com krb5kdc[1382](info): AS_REQ (7
etypes {18 17 16 23 1 3 2}) 192.168.1.12: NEEDED_PREAUTH: kadmin/
changepw at MYCOMPANY.COM for krbtgt/MYCOMPANY.COM at UZDOMAIN.CA, Additional
pre-authentication required
Jan 12 13:30:40 ipaserver.mycompany.com krb5kdc[1382](info): AS_REQ (7
etypes {18 17 16 23 1 3 2}) 192.168.1.12: ISSUE: authtime 1294857040, etypes
{rep=18 tkt=18 ses=18}, kadmin/changepw at MYCOMPANY.COM for krbtgt/
MYCOMPANY.COM at UZDOMAIN.CA
The server is freeipa-2.0 -beta and O/S is fedora 13
Any help will be greatly appreciated
Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110112/be322655/attachment.htm>
More information about the Freeipa-users
mailing list