[Freeipa-users] resetting an admin account.
Steven Jones
Steven.Jones at vuw.ac.nz
Wed Aug 1 01:10:19 UTC 2012
This appears to be a failure of the password change mechanism to fail say the password is either too short or not complex enough.
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: Martin Kosek [mkosek at redhat.com]
Sent: Tuesday, 31 July 2012 7:12 p.m.
To: Steven Jones
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] resetting an admin account.
On 07/27/2012 12:48 AM, Steven Jones wrote:
> I have tried to reset my admin password (admjonesst1) using the admin account toa temp password,
>
> So I run a kinit admjonesst1 to reset it to a perm one and I get,
>
> ========
> [jonesst1 at 8kxl72s ~]$ kinit admjonesst1
> Password for admjonesst1 at ODS.VUW.AC.NZ:
> Password expired. You must change it now.
> Enter new password:
> Enter it again:
> kinit: Cannot contact any KDC for requested realm while getting initial credentials
> [jonesst1 at 8kxl72s ~]$ kinit admjonesst1
> Password for admjonesst1 at ODS.VUW.AC.NZ:
> Password expired. You must change it now.
> Enter new password:
> Enter it again:
> kinit: Cannot contact any KDC for requested realm while getting initial credentials
> [jonesst1 at 8kxl72s ~]$
> ========
>
Would a kinit with a trace turned on show anything interesting?
# KRB5_TRACE=/dev/stdout kinit admjonesst1
It may get us closer to the root cause of this issue.
Martin
More information about the Freeipa-users
mailing list