[Freeipa-users] Problem with Kerberos Authentication

Michael Kang wxiluo at gmail.com
Wed Sep 23 01:49:08 UTC 2009 

Dear FreeIPA community,

I did try set the new user's initial password. But it didn't work either. I
got a protocol error.

Here is the output of console :

[root at freeipa ~]# kinit admin
Password for admin at ARAGON.LOCAL:
[root at freeipa ~]# ipa-passwd haha
Changing password for haha at ARAGON.LOCAL
  New Password:
  Confirm Password:
[root at freeipa ~]# kinit haha
Password for haha at ARAGON.LOCAL:
Password expired.  You must change it now.
Enter new password:
Enter it again:
kinit(v5): Requested protocol version not supported while getting initial
credentials



On Tue, Sep 22, 2009 at 9:22 PM, Jenny Galipeau <jgalipea at redhat.com> wrote:

> Jenny Galipeau wrote:
>
>>
>> Michael Kang wrote:
>>
>>> Dear FreeIPA community,
>>>
>>> I successfully installed FreeIPA this morning. Now I got a problem about
>>> Kerberos Authentication. New user cannot modify their password in shell.
>>>
>> Hi Michael:
>> Did you set the new user's initial password?
>> kinit admin
>> ipa passwd haha
>> Thanks
>> Jenny
>>
> Also kinit as haha, because haha will be asked to change the password on
> first authentication.
>
> Thanks
> Jenny
>
>>
>>> I added a new user named /haha(group: ipauser)/ based on the webUI. This
>>> user is not a existed system user. Then I added a new Delegations(allow
>>> people in group ipauser can modify password for group ipauser) .
>>>
>>>    /[michael at freeipa Desktop]$ su - haha/
>>>    /Password: /
>>>
>>>    /Warning: Your password will expire in less than one hour./
>>>    /Warning: password has expired./
>>>    /Kerberos 5 Password: /
>>>    /Warning: Your password will expire in less than one hour./
>>>    /New UNIX password: /
>>>    /Retype new UNIX password: /
>>>    /su: incorrect password/
>>>    /[michael at freeipa Desktop]$ su - root/
>>>    /Password: /
>>>    /[root at freeipa ~]# su - haha/
>>>    /su: warning: cannot change directory to /home/haha: No such file
>>>    or directory/
>>>    /-sh-3.2$ /
>>>
>>>
>>> Root can su - haha successfully. I think that means the Kerberos works,
>>> but new user cannot reset their password in their shell.
>>>
>>> What should I do?
>>>
>>> Best Regards,
>>> Michael
>>>
>>> --
>>> Michael Kang(康上明学)
>>> There is a giant asleep within every man. When the giant awakens,miracles
>>> happen.
>>>
>>> Personal blog: http://ufusion.org - United Fusion
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>
>>
>>
>
> --
> Jenny Galipeau <jgalipea at redhat.com>
> Principal Software QA Engineer
> Red Hat, Inc. Security Engineering
>
>


-- 
Michael Kang(康上明学)
There is a giant asleep within every man. When the giant awakens,miracles
happen.

Personal blog: http://ufusion.org - United Fusion
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20090923/62a4a207/attachment.htm>

More information about the Freeipa-users mailing list