[24448] in Kerberos

home help back first fref pref prev next nref lref last post

kpasswd problem on 1.4.1/1.4.2 (NOT!)

daemon@ATHENA.MIT.EDU (Mike Friedman)
Thu Aug 11 18:30:13 2005

Date: Thu, 11 Aug 2005 15:29:12 -0700 (PDT)
From: Mike Friedman <mikef@ack.berkeley.edu>
To: kerberos@mit.edu
Message-ID: <20050811152012.Y39661@malcolm.berkeley.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Errors-To: kerberos-bounces@mit.edu

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Earlier, I posted this:

> I just noticed that with 1.4.1 and 1.4.2, when I try to change my 
> password with kpasswd, I get the following message after entering the 
> new password twice:
> 
>    kpasswd: Permission denied changing password
> 
> This occurs whether the KDC is at 1.3.4 or at 1.4.2.
> 
> I don't have the problem using a 1.3.4 kpasswd.
> 
> Has something changed in 1.4.x with respect to password changing?

I now realize what the answer is:  my firewall.  I needed to open up UDP 
464 to allow password-changing.  This hasn't been an issue for me in the 
past because, until very recently, I haven't been running a host-based 
firewall on my own workstation. If I had been, then I'm sure my 1.3.4 
kpasswd would have had the same problem.  My test earlier today with a 
1.3.4 kpasswd was from a different machine (still running 1.3.4) that 
doesn't have such a firewall.

I realized all this when I discovered that 1.4.2 kpasswd worked fine from 
my 1.4.2 KDC itself.  I then ran a trace of kpasswd on my workstation and 
saw that the 'permission denied' problem was coming when trying to write 
to a socket for the actual password change.

Sorry for the false alarm!

Mike

_____________________________________________________________________
Mike Friedman                   System and Network Security
mikef@ack.Berkeley.EDU          2484 Shattuck Avenue
1-510-642-1410                  University of California at Berkeley
http://ack.Berkeley.EDU/~mikef  http://security.berkeley.edu
_____________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBQvvRPK0bf1iNr4mCEQLsLwCgviFFXYAg+4Fh0hT7l9lM9x7ZPVwAnjO0
tQTNTxT305UiCgstvAwfrCsu
=6V/A
-----END PGP SIGNATURE-----
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post