[2692] in Kerberos-V5-bugs
Re: krb5-admin/388: request for support in upgrading v4 to v5
daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Wed Mar 12 00:49:48 1997
Date: Wed, 12 Mar 1997 00:47:36 -0500
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: krb5-bugs@MIT.EDU, Charlie <root@circe.CS.Berkeley.EDU>
Cc: bjaspan@MIT.EDU, gnats-admin@RT-11.MIT.EDU, krb5-prs@RT-11.MIT.EDU
In-Reply-To: Charlie's message of Tue, 11 Mar 1997 19:56:02 -0500,
<199703120056.TAA26993@rt-11.MIT.EDU>
Date: Tue, 11 Mar 1997 16:55:41 -0800 (PST)
From: Charlie <root@circe.CS.Berkeley.EDU>
After following the instructions in "Upgrading to Kerberos V5
from Kerberos V4", with all data from our real production
kerberos V4 database, and having selected 3 sample machines
to participate in a test, (a server, circe@CS.Berkeley.EDU,
an ultrix V4 machine oboe.CS..., a BSD/OS 2.1 client yacht@CS)
none of the following ways allowed me to change my own kerberos
password:
a.) The V4 kpasswd command as compiled under ultrix
from krb_passwd.c Berkeley version 8.3
b.) The BSD/OS 2.1 passwd command
If you want to use the V4 kpasswd clients, you need to run a
V4-compatibility kadmin server, to support the V4 kadmin protocol which
is used by the V4 kpasswd clients. This can be found in the
kadmin/v4server directory.
In general, your error messages show v5passwdd firing up in a number of
cases. Note that the v5passwdd server is not needed in most cases,
unless you need compatibility with the V5 kpasswd that had been released
in previous beta releases. v5passwdd also *shouldn't* be running on out
of inetd, since v5 passwd does its own waiting.
Try removing v5passwdd, since I suspect it was getting in your way, and
hurting far more than it was helping.
> Not sure what did it;
> In any case the sequence
> kadmin -p sklower@EECS.BERKELEY.EDU
> kadmin: cpw sklower@EECS.BERKELEY.EDU
> appears to work now, although it does require that
> the v5 kadmin program be made available on all v4
> platforms, as well as an /etc/krb5.conf file.
> This is annoying, etc.
>
If kadmin works, the kpasswd program (found in src/kadmin/kpasswd),
should work as well (it contacts the same server).
Good luck!!
- Ted