[Freeipa-users] resetting an admin account.
Steven Jones
Steven.Jones at vuw.ac.nz
Thu Jul 26 23:05:48 UTC 2012
If I put the adm account into a user group and ssh in I can set a password,
====
[jonesst1 at 8kxl72s ~]$ ssh -l admjonesst1 localhost -p22
admjonesst1 at localhost's password:
Password expired. Change your password now.
Creating home directory for admjonesst1.
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user admjonesst1.
Current Password:
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Connection to localhost closed.
[jonesst1 at 8kxl72s ~]$ ssh -l admjonesst1 localhost -p22
admjonesst1 at localhost's password:
Last login: Fri Jul 27 11:03:37 2012 from 127.0.0.1
[admjonesst1 at 8kxl72s ~]$
====
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Steven Jones [Steven.Jones at vuw.ac.nz]
Sent: Friday, 27 July 2012 10:48 a.m.
Cc: freeipa-users at redhat.com
Subject: [Freeipa-users] resetting an admin account.
I have tried to reset my admin password (admjonesst1) using the admin account toa temp password,
So I run a kinit admjonesst1 to reset it to a perm one and I get,
========
[jonesst1 at 8kxl72s ~]$ kinit admjonesst1
Password for admjonesst1 at ODS.VUW.AC.NZ:
Password expired. You must change it now.
Enter new password:
Enter it again:
kinit: Cannot contact any KDC for requested realm while getting initial credentials
[jonesst1 at 8kxl72s ~]$ kinit admjonesst1
Password for admjonesst1 at ODS.VUW.AC.NZ:
Password expired. You must change it now.
Enter new password:
Enter it again:
kinit: Cannot contact any KDC for requested realm while getting initial credentials
[jonesst1 at 8kxl72s ~]$
========
The krb log says,
=======
Jul 27 10:44:03 vuwunicoipam002.ods.vuw.ac.nz krb5kdc[4102](info): AS_REQ (4 etypes {18 17 16 23}) 130.195.245.249: CLIENT KEY EXPIRED: admjonesst1 at ODS.VUW.AC.NZ for krbtgt/ODS.VUW.AC.NZ at ODS.VUW.AC.NZ, Password has expired
Jul 27 10:44:03 vuwunicoipam002.ods.vuw.ac.nz krb5kdc[4102](info): AS_REQ (4 etypes {18 17 16 23}) 130.195.245.249: NEEDED_PREAUTH: admjonesst1 at ODS.VUW.AC.NZ for kadmin/changepw at ODS.VUW.AC.NZ, Additional pre-authentication required
Jul 27 10:44:11 vuwunicoipam002.ods.vuw.ac.nz krb5kdc[4102](info): AS_REQ (4 etypes {18 17 16 23}) 130.195.245.249: ISSUE: authtime 1343342651, etypes {rep=18 tkt=18 ses=18}, admjonesst1 at ODS.VUW.AC.NZ for kadmin/changepw at ODS.VUW.AC.NZ
Jul 27 10:44:41 vuwunicoipam002.ods.vuw.ac.nz krb5kdc[4102](info): AS_REQ (4 etypes {18 17 16 23}) 130.195.245.249: CLIENT KEY EXPIRED: admjonesst1 at ODS.VUW.AC.NZ for krbtgt/ODS.VUW.AC.NZ at ODS.VUW.AC.NZ, Password has expired
Jul 27 10:44:41 vuwunicoipam002.ods.vuw.ac.nz krb5kdc[4102](info): AS_REQ (4 etypes {18 17 16 23}) 130.195.245.249: NEEDED_PREAUTH: admjonesst1 at ODS.VUW.AC.NZ for kadmin/changepw at ODS.VUW.AC.NZ, Additional pre-authentication required
Jul 27 10:44:46 vuwunicoipam002.ods.vuw.ac.nz krb5kdc[4102](info): AS_REQ (4 etypes {18 17 16 23}) 130.195.245.249: ISSUE: authtime 1343342686, etypes {rep=18 tkt=18 ses=18}, admjonesst1 at ODS.VUW.AC.NZ for kadmin/changepw at ODS.VUW.AC.NZ
=======
Any idea what's going on here pls?
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
More information about the Freeipa-users
mailing list