[30507] in Kerberos
Re: Solaris 10 client, MIT 1.6 server, kpasswd command
daemon@ATHENA.MIT.EDU (Christopher D. Clausen)
Sun Dec 7 23:08:49 2008
Message-ID: <745127AEBF074C4EA2181537A182B415@CDCHOME>
From: "Christopher D. Clausen" <cclausen@acm.org>
To: "Edward Irvine" <eirvine@tpg.com.au>
Date: Sun, 7 Dec 2008 22:04:54 -0600
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Edward Irvine <eirvine@tpg.com.au> wrote:
> Has anyone else had trouble changing passwords from a Solaris client?
>
> I'm using the Solaris 10 version of kpasswd:
>
> /bin/kpasswd unsername
> kpasswd: Changing password for username@EXAMPLE.COM.
> Old password: <secrret>
> kpasswd: Cannot establis a session with the Kerberos administrative
> server for realm EXAMPLE.COM. Database error! Required KADM5
> principal missing.
>
> This works fine when I use the MIT Kerberos version of kpasswd.
See:
http://docs.sun.com/app/docs/doc/816-5174/krb5.conf-4?a=view
krb5.conf -> kpasswd_protocol option:
Identifies the protocol to be used when communicating with the server
indicated by kpasswd_server. By default, this parameter is defined to be
RPCSEC_GSS, which is the protocol used by Solaris-based administration
servers. To be able to change a principal's password stored on
non-Solaris Kerberos server, such as Microsoft Active Directory or MIT
Kerberos, this value should be SET_CHANGE. This indicates that a
non-RPC- based protocol is used to communicate the password change
request to the server in the kpasswd_server entry.
<<CDC
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
