[Freeipa-users] AIX kerberos client to IPA
KodaK
sakodak at gmail.com
Wed Mar 12 22:43:46 UTC 2014
I had this issue, but I gave up. I have my users either log into a Linux
box to change passwords or use a web based password reset I set up for them.
When your users log in successfully do they have tickets? That's my
situation: they can get tickets once they're logged in, but can't change
when prompted at login, nor can they change interactively using passwd.
If you ever figure anything out let me know, but I spent quite a bit of
time on it (once I had the workaround I stopped, though. You may be more
persistent.)
Good luck,
--Jason
On Wed, Mar 12, 2014 at 4:52 PM, Rob <robert.roche at xerox.com> wrote:
>
> Hi,
>
> I have configured an AIX 6.1 server to connect to a RHEL 6.5 IPA server.
> The
> AIX server is configured to use netgroups and all that works for existing
> the
> users.
>
> The problem is when a users password expires or when a new user is created.
> They cannot change their password
>
> WARNING: Your password has expired.
> You must change your password now and login again!
> Changing password for "testuser"
> testuser's Old password:
> testuser's New password:
> Connection to localhost closed.
>
> The problem seems to be related to not getting a kerberos ticket as kinit
> can
> be used to change the password.
>
> Logging is enabled but no logs ever get updated
>
> [logging]
> kdc = FILE:/var/krb5/log/krb5kdc.log
> admin_server = FILE:/var/krb5/log/kadmin.log
> kadmin_local = FILE:/var/krb5/log/kadmin_local.log
> default = FILE:/var/krb5/log/krb5lib.log
>
> Anybody ever come across this? Or know how to get logging working?
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
--
The government is going to read our mail anyway, might as well make it
tough for them. GPG Public key ID: B6A1A7C6
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140312/43d80ef7/attachment.htm>
More information about the Freeipa-users
mailing list