Hi to all,

I currently have setup a freeipa server on a virtual machine and have some 
issues I just want to be cleared with.

My setup is as follows:

I have tweaked the /etc/hosts file to register the hostname and ip address of 
the machine to where I have installed the server.

Then, I installed the ipa server from yum and have successfully created my 
realm and directory server.  I have used the -N option to disable the 
configuration and installation of the NTP server.  I have configured the 
/etc/ntp.conf to synchronize the time with our own ntp server.  

After the installation, I configured the browser to enable the webgui.  I have 
successfully done this, and have accessed the administrator page after 
obtaining the admin ticket.  Now I tried to create a test user.  This test user 
has sufficient required entries for an account to be created. Now that the user 
is existing, the page issued that the users password has expired.  I know this 
is a security feature.  I then tried to kinit with the test user, it asked for 
the password and I, in return, supplied the password from which is identical 
from the password I supplied during the creation of the test user.  Kinit 
outputs with an error kinit(v5): Password incorrect while getting initial 

I looked up for the krb5kdc.log and found these:
Jul 29 10:40:06 xx.xxx.xxx.xxx krb5kdc[1478](info): AS_REQ (7 etypes {18 17 16 
23 1 3 2}) CLIENT KEY EXPIRED: he...@xxx.xxx.xxx.xxx for 
krbtgt/xxx.xxx.xxx....@xxx.xxx.xxx.xxx, Password has expired.

I just X'ed out our realm and the hostname of the machine.
Isn't it that the password that was supplied during the registration of a user 
is supposed to be his kerberos password too?

What seemed to be the problem?


John Robert Mendoza

Freeipa-users mailing list

Reply via email to