[Freeipa-users] can't reset password on fedora 13

James Po jamespo.mailinglist at gmail.com
Sun Jun 6 22:06:24 UTC 2010 

I've installed (from yum) on fedora 13, created a user but cannot ssh
in as that user - it fails to reset the password.

I've disabled iptables & SELinux (for testing purposes) to no avail.


macbook:~ james$ ssh bshit at 192.168.5.58
bshit at 192.168.5.58's password:
Warning: Your password will expire in less than one hour.
Password expired. Change your password now.
Last login: Sun Jun  6 22:25:17 2010 from 192.168.5.249
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user bshit.
Current Password:
New password:
Retype new password:
Warning: Your password will expire in less than one hour.
Warning: Your password will expire in less than one hour.
passwd: Authentication token manipulation error
Connection to 192.168.5.58 closed.


/var/log/secure:

Jun  6 22:32:30 ipa passwd: pam_sss(passwd:chauthtok): system info:
[Cannot contact any KDC for requested realm]
Jun  6 22:32:30 ipa passwd: pam_sss(passwd:chauthtok): User info
message: Warning: Your password will expire in less than one hour.
Jun  6 22:32:30 ipa passwd: pam_sss(passwd:chauthtok): system info:
[Cannot contact any KDC for requested realm]
Jun  6 22:32:30 ipa passwd: pam_sss(passwd:chauthtok): User info
message: Warning: Your password will expire in less than one hour.
Jun  6 22:32:30 ipa passwd: pam_sss(passwd:chauthtok): Password change
failed for user bshit: 22 (Authentication token lock busy)
Jun  6 22:32:30 ipa passwd: gkr-pam: couldn't update the login keyring
password: no old password was entered
Jun  6 22:32:32 ipa sshd[1635]: pam_unix(sshd:session): session closed
for user bshit


/var/log/krb5kdc.log:

Jun 06 22:32:30 ipa.dev.webscalability.com krb5kdc[1349](info): AS_REQ
(7 etypes {18 17 16 23 1 3 2}) 192.168.5.58: NEEDED_PREAUTH:
bshit at DEV.WEBSCALABILITY.COM for
kadmin/changepw at DEV.WEBSCALABILITY.COM, Additional pre-authentication
required
Jun 06 22:32:30 ipa.dev.webscalability.com krb5kdc[1349](info): AS_REQ
(7 etypes {18 17 16 23 1 3 2}) 192.168.5.58: ISSUE: authtime
1275859950, etypes {rep=18 tkt=18 ses=18},
bshit at DEV.WEBSCALABILITY.COM for
kadmin/changepw at DEV.WEBSCALABILITY.COM
Jun 06 22:32:30 ipa.dev.webscalability.com krb5kdc[1349](info): AS_REQ
(7 etypes {18 17 16 23 1 3 2}) 192.168.5.58: NEEDED_PREAUTH:
bshit at DEV.WEBSCALABILITY.COM for
kadmin/changepw at DEV.WEBSCALABILITY.COM, Additional pre-authentication
required
Jun 06 22:32:30 ipa.dev.webscalability.com krb5kdc[1349](info): AS_REQ
(7 etypes {18 17 16 23 1 3 2}) 192.168.5.58: ISSUE: authtime
1275859950, etypes {rep=18 tkt=18 ses=18},
bshit at DEV.WEBSCALABILITY.COM for
kadmin/changepw at DEV.WEBSCALABILITY.COM

More information about the Freeipa-users mailing list