[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-devel] setting passwords stopped working

From: Nathan Kinder <nkinder redhat com>
To: Matt Bernstein <mb--ipa dcs qmul ac uk>
Cc: freeipa-devel redhat com
Subject: Re: [Freeipa-devel] setting passwords stopped working
Date: Mon, 23 Jun 2008 10:24:57 -0700

Matt Bernstein wrote:

Hi, not sure where better to send this so here goes..
I installed Fedora 9 FreeIPA (1.0) a couple of weeks ago, and yum hassince upgraded it to 1.1. Things seem to be pretty good, exceptchanging (or setting new) passwords has stopped working. I don't knowif the upgrade was the cause of the error, but I thought I'd bettermention it.
User's interaction:

$ kinit -V tim
Password for tim TEST EECS QMUL AC UK:
Password expired.  You must change it now.
Enter new password:
Enter it again:
kinit(v5): Password change failed while getting initial credentials
From krb5kdc.log:
Jun 23 17:06:43 eagle krb5kdc[1357](info): AS_REQ (7 etypes {18 17 1623 1 3 2}) 138.37.95.132: CLIENT KEY EXPIRED: tim TEST EECS QMUL AC UKfor krbtgt/TEST EECS QMUL AC UK TEST EECS QMUL AC UK, Password hasexpiredJun 23 17:06:43 eagle krb5kdc[1357](info): AS_REQ (7 etypes {18 17 1623 1 3 2}) 138.37.95.132: NEEDED_PREAUTH: tim TEST EECS QMUL AC UK forkadmin/changepw TEST EECS QMUL AC UK, Additional pre-authenticationrequiredJun 23 17:06:45 eagle krb5kdc[1357](info): AS_REQ (7 etypes {18 17 1623 1 3 2}) 138.37.95.132: ISSUE: authtime 1214237205, etypes {rep=18tkt=18 ses=18}, tim TEST EECS QMUL AC UK forkadmin/changepw TEST EECS QMUL AC UKJun 23 17:06:46 eagle krb5kdc[1357](info): AS_REQ (7 etypes {18 17 1623 1 3 2}) 138.37.95.132: NEEDED_PREAUTH:kadmin/changepw TEST EECS QMUL AC UK forkrbtgt/TEST EECS QMUL AC UK TEST EECS QMUL AC UK, Additionalpre-authentication requiredJun 23 17:06:46 eagle krb5kdc[1357](info): AS_REQ (7 etypes {18 17 1623 1 3 2}) 138.37.95.132: ISSUE: authtime 1214237206, etypes {rep=18tkt=18 ses=18}, kadmin/changepw TEST EECS QMUL AC UK forkrbtgt/TEST EECS QMUL AC UK TEST EECS QMUL AC UKJun 23 17:06:46 eagle krb5kdc[1357](info): TGS_REQ (7 etypes {18 17 1623 1 3 2}) 138.37.95.132: ISSUE: authtime 1214237206, etypes {rep=18tkt=18 ses=18}, kadmin/changepw TEST EECS QMUL AC UK forldap/eagle test eecs qmul ac uk TEST EECS QMUL AC UK
From syslog:
Jun 23 17:06:46 eagle kpasswd[1852]: ldap_parse_result(): [Passwordgeneration not implemented.#012]
Jun 23 17:06:46 eagle kpasswd[1852]: Password change failed
So.. is any of this helpful? It seems from syslog that theipa_pwd_extop slapi plugin isn't receiving the new password, but I'veno idea why.
Can anyone help? It's not SELinux or resource starvation, AFAICT.

Is there anything interesting related to the ipa_passwd_extop plug-inin the Directory Server errors log (/var/log/dirsrv/slapd-<realm>/errors)?


-NGK


Matt

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel redhat com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

References:
- [Freeipa-devel] setting passwords stopped working
  - From: Matt Bernstein

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]