[33273] in Kerberos
Re: kpasswd and kerberos 1.8.1
daemon@ATHENA.MIT.EDU (Brian Candler)
Tue Mar 15 13:32:25 2011
Date: Tue, 15 Mar 2011 17:32:09 +0000
From: Brian Candler <B.Candler@pobox.com>
To: Greg Hudson <ghudson@mit.edu>
Message-ID: <20110315173209.GA6308@talktalkplc.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <1300202488.2397.457.camel@t410>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Tue, Mar 15, 2011 at 11:21:28AM -0400, Greg Hudson wrote:
> There are two steps involved in changing a Kerberos password. First,
> you request a kadmin/changepw ticket from the KDC using your old
> password; then, you send your new password to the kpasswd service,
> authenticated with the kadmin/changepw ticket.
>
> Based on your KDC logs, the first step is succeeding--at least, from the
> KDC's point of view. The second step is not, suggesting that the client
> has the wrong information for the kpasswd service, or that kadmind isn't
> running (the kpasswd service is normally implemented as part of
> kadmind).
And also: I believe that the kadmin service can't be located from DNS
information (not yet anyway). You have to configure it explicitly in
/etc/krb5.conf
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
