[Freeipa-users] freeipa authentication token manipulation error

[Lukas Slebodnik]

On (13/01/15 12:48), Rakesh Rajasekharan wrote:
>This is how I get the logs in krb5_child.
>
>when a user tries to authenticate with the random password that I generated,
>
>WARNING: Your password has expired.
>You must change your password now and login again!
>Changing password for user hq-testuser.
>Current Password:
>New password:
>Retype new password:
>passwd: Authentication token manipulation erro
>
>And on the krb5_child.log, these are the entries
>
>(Tue Jan 13 06:47:39 2015) [[sssd[krb5_child[18004]]]] [unpack_buffer]
>(0x0100): ccname: [FILE:/tmp/krb5cc_710600001_XXXXXX] keytab:
>[/etc/krb5.keytab]
>(Tue Jan 13 06:47:39 2015) [[sssd[krb5_child[18004]]]]
>[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
>from environment.
>(Tue Jan 13 06:47:39 2015) [[sssd[krb5_child[18004]]]]
>[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
>environment.
>(Tue Jan 13 06:47:39 2015) [[sssd[krb5_child[18004]]]]
>[set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
>(Tue Jan 13 06:47:39 2015) [[sssd[krb5_child[18004]]]] [k5c_setup_fast]
>(0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/
>qa-dummy-int.test.com at TEST.COM]
>(Tue Jan 13 06:47:39 2015) [[sssd[krb5_child[18004]]]] [match_principal]
>(0x1000): Principal matched to the sample (host/
>qa-dummy-int.test.com at TEST.COM).
>(Tue Jan 13 06:47:39 2015) [[sssd[krb5_child[18004]]]] [check_fast_ccache]
>(0x0200): FAST TGT is still valid.
>(Tue Jan 13 06:47:39 2015) [[sssd[krb5_child[18004]]]] [main] (0x0400):
>Will perform password change
>(Tue Jan 13 06:47:39 2015) [[sssd[krb5_child[18004]]]] [changepw_child]
>(0x1000): Password change operation
>(Tue Jan 13 06:47:39 2015) [[sssd[krb5_child[18004]]]] [changepw_child]
>(0x0400): Attempting kinit for realm [TEST.COM]
>
I would expect at least next line:
   "Received error code"

Are you sure there is no crash?
Could you look into /var/log/messages?

LS