[Freeipa-users] freeipa authentication token manipulation error

Rakesh Rajasekharan rakesh.rajasekharan at gmail.com
Mon Jan 12 09:55:18 UTC 2015


This is what I get now in the krb5_child.log after setting the debug_level

Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [unpack_buffer]
(0x0100): ccname: [FILE:/tmp/krb5cc_710600001_XXXXXX] keytab:
[/etc/krb5.keytab]
(Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
from environment.
(Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
environment.
(Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]]
[set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
(Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [k5c_setup_fast]
(0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/
qa-dummy-int.test.com at TEST.COM)]
(Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [match_principal]
(0x1000): Principal matched to the sample (host/
qa-dummy-int.test.com at TEST.COM).
(Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [check_fast_ccache]
(0x0200): FAST TGT is still valid.
(Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [main] (0x0400):
Will perform password change
(Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [changepw_child]
(0x1000): Password change operation
(Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [changepw_child]
(0x0400): Attempting kinit for realm [TEST.COM]



On Mon, Jan 12, 2015 at 2:31 PM, Lukas Slebodnik <lslebodn at redhat.com>
wrote:

> On (12/01/15 14:12), Rakesh Rajasekharan wrote:
> >The sssd version is 1.11.6
> >
> >The password does not get changed, whatever password gets generated by ipa
> >user-mod --random stays valid even after attempting the change.
> >
> >krb5_child.log does not have any contents.
> The logging in sssd is disabled by default. You need to increase the level of
> verbosity.
>
> Put debug_level = 7 into domain section and restart sssd.
> It is also possible to change debug level on the fly with command line
> utility
> sss_debuglevel (part of package sssd-tools)
>
> LS
>