[Freeipa-users] AIX kerberos client to IPA

Sigbjorn Lie sigbjorn at nixtra.com
Sat Mar 15 09:51:05 UTC 2014


On 12/03/14 22:52, Rob wrote:
> Hi,
>
> I have configured an AIX 6.1 server to connect to a RHEL 6.5 IPA server. The
> AIX server is configured to use netgroups and all that works for the existing
> users.
>
> The problem is when a user's password expires or when a new user is created.
> They cannot change their password.
>
> WARNING: Your password has expired.
> You must change your password now and login again!
> Changing password for "testuser"
> testuser's Old password:
> testuser's New password:
> Connection to localhost closed.
>
> The problem seems to be related to not getting a Kerberos ticket as kinit can
> be used to change the password.
>
> Logging is enabled but no logs ever get updated.
>
> [logging]
>          kdc = FILE:/var/krb5/log/krb5kdc.log
>          admin_server = FILE:/var/krb5/log/kadmin.log
>          kadmin_local = FILE:/var/krb5/log/kadmin_local.log
>          default = FILE:/var/krb5/log/krb5lib.log
>
> Anybody ever come across this? Or know how to get logging working?

I am not familiar with AIX. Just a quick tip for what we had to do on Solaris to make password changes work - as the issue sounded somewhat familiar... :)

We have to set "kpasswd_protocol = SET_CHANGE" in krb5.conf when used with any "non-Solaris KDC".

Perhaps you have a similar setting for AIX?


