Michael Kang wrote:
Dear FreeIPA community,
I did try set the new user's initial password. But it didn't work
either. I got a protocol error.
Here is the output of console :
[r...@freeipa ~]# kinit admin
Password for ad...@aragon.local:
[r...@freeipa ~]# ipa-passwd haha
Changing password for h...@aragon.local
New Password:
Confirm Password:
[r...@freeipa ~]# kinit haha
Password for h...@aragon.local:
Password expired. You must change it now.
Enter new password:
Enter it again:
kinit(v5): Requested protocol version not supported while getting
initial credentials
Sounds like, a Kerberos V4 request was sent to the KDC? What's in the
client's krb5.conf?
Jenny
On Tue, Sep 22, 2009 at 9:22 PM, Jenny Galipeau <jgali...@redhat.com
<mailto:jgali...@redhat.com>> wrote:
Jenny Galipeau wrote:
Michael Kang wrote:
Dear FreeIPA community,
I successfully installed FreeIPA this morning. Now I got a
problem about Kerberos Authentication. New user cannot
modify their password in shell.
Hi Michael:
Did you set the new user's initial password?
kinit admin
ipa passwd haha
Thanks
Jenny
Also kinit as haha, because haha will be asked to change the
password on first authentication.
Thanks
Jenny
I added a new user named /haha(group: ipauser)/ based on
the webUI. This user is not a existed system user. Then I
added a new Delegations(allow people in group ipauser can
modify password for group ipauser) .
/[mich...@freeipa Desktop]$ su - haha/
/Password: /
/Warning: Your password will expire in less than one hour./
/Warning: password has expired./
/Kerberos 5 Password: /
/Warning: Your password will expire in less than one hour./
/New UNIX password: /
/Retype new UNIX password: /
/su: incorrect password/
/[mich...@freeipa Desktop]$ su - root/
/Password: /
/[r...@freeipa ~]# su - haha/
/su: warning: cannot change directory to /home/haha: No
such file
or directory/
/-sh-3.2$ /
Root can su - haha successfully. I think that means the
Kerberos works, but new user cannot reset their password
in their shell.
What should I do?
Best Regards,
Michael
--
Michael Kang(康上明学)
There is a giant asleep within every man. When the giant
awakens,miracles happen.
Personal blog: http://ufusion.org - United Fusion
------------------------------------------------------------------------
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
https://www.redhat.com/mailman/listinfo/freeipa-users
--
Jenny Galipeau <jgali...@redhat.com <mailto:jgali...@redhat.com>>
Principal Software QA Engineer
Red Hat, Inc. Security Engineering
--
Michael Kang(康上明学)
There is a giant asleep within every man. When the giant
awakens,miracles happen.
Personal blog: http://ufusion.org - United Fusion
--
Jenny Galipeau <jgali...@redhat.com>
Principal Software QA Engineer
Red Hat, Inc. Security Engineering
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users