[Freeipa-users] freeipa authentication token manipulation error

Rakesh Rajasekharan rakesh.rajasekharan at gmail.com
Mon Jan 12 10:31:32 UTC 2015 

under /var/log/secure.. have this error
passwd: pam_sss(passwd:chauthtok): Password change failed for user
hq-testuser: 22 (Authentication token lock busy)

On Mon, Jan 12, 2015 at 3:25 PM, Rakesh Rajasekharan <
rakesh.rajasekharan at gmail.com> wrote:

> This is what I get now a=in the krb5_child.log after setting the
> debug_level
>
> Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [unpack_buffer]
> (0x0100): ccname: [FILE:/tmp/krb5cc_710600001_XXXXXX] keytab:
> [/etc/krb5.keytab]
> (Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
> from environment.
> (Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> environment.
> (Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]]
> [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
> (Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [k5c_setup_fast]
> (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/
> qa-dummy-int.test.com at TEST.COM)]
> (Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [match_principal]
> (0x1000): Principal matched to the sample (host/
> qa-dummy-int.test.com at TEST.COM).
> (Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [check_fast_ccache]
> (0x0200): FAST TGT is still valid.
> (Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [main] (0x0400):
> Will perform password change
> (Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [changepw_child]
> (0x1000): Password change operation
> (Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [changepw_child]
> (0x0400): Attempting kinit for realm [TEST.COM]
>
>
>
> On Mon, Jan 12, 2015 at 2:31 PM, Lukas Slebodnik <lslebodn at redhat.com>
> wrote:
>
>> On (12/01/15 14:12), Rakesh Rajasekharan wrote:
>> >The sssd version is 1.11.6
>> >
>> >The password does not get changed, whatever password gets generated by
>> ipa
>> >user-mod --random stays valid even after attempting the change.
>> >
>> >krb5_child.log does not have any contents.
>> The logging in sssd is dibsabled by default. You need to increase level of
>> verbosity.
>>
>> Put debug_level = 7 into domain section and restart sssd.
>> It is also possible to change debug level on the fly with comand line
>> utility
>> sss_debuglevel (part of pacakge sssd-tools)
>>
>> LS
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150112/300bffe3/attachment.htm>

More information about the Freeipa-users mailing list