[Freeipa-users] Problem with Kerberos Authentication
Jenny Galipeau
jgalipea at redhat.com
Tue Sep 22 13:22:57 UTC 2009
Jenny Galipeau wrote:
>
> Michael Kang wrote:
>> Dear FreeIPA community,
>>
>> I successfully installed FreeIPA this morning. Now I got a problem
>> about Kerberos Authentication. New user cannot modify their password
>> in shell.
> Hi Michael:
> Did you set the new user's initial password?
> kinit admin
> ipa passwd haha
> Thanks
> Jenny
Also kinit as haha, because haha will be asked to change the password on
first authentication.
Thanks
Jenny
>>
>> I added a new user named /haha(group: ipauser)/ based on the webUI.
>> This user is not a existed system user. Then I added a new
>> Delegations(allow people in group ipauser can modify password for
>> group ipauser) .
>>
>> /[michael at freeipa Desktop]$ su - haha/
>> /Password: /
>>
>> /Warning: Your password will expire in less than one hour./
>> /Warning: password has expired./
>> /Kerberos 5 Password: /
>> /Warning: Your password will expire in less than one hour./
>> /New UNIX password: /
>> /Retype new UNIX password: /
>> /su: incorrect password/
>> /[michael at freeipa Desktop]$ su - root/
>> /Password: /
>> /[root at freeipa ~]# su - haha/
>> /su: warning: cannot change directory to /home/haha: No such file
>> or directory/
>> /-sh-3.2$ /
>>
>>
>> Root can su - haha successfully. I think that means the Kerberos
>> works, but new user cannot reset their password in their shell.
>>
>> What should I do?
>>
>> Best Regards,
>> Michael
>>
>> --
>> Michael Kang(康上明学)
>> There is a giant asleep within every man. When the giant
>> awakens,miracles happen.
>>
>> Personal blog: http://ufusion.org - United Fusion
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
--
Jenny Galipeau <jgalipea at redhat.com>
Principal Software QA Engineer
Red Hat, Inc. Security Engineering
More information about the Freeipa-users
mailing list