On 06/06/2010 06:06 PM, James Po wrote:
I've installed (from yum) on fedora 13, created a user but cannot ssh in as that user - it fails to reset the password.I've disabled iptables& SELinux (for testing purposes) to no avail. macbook:~ james$ ssh bs...@192.168.5.58 bs...@192.168.5.58's password: Warning: Your password will expire in less than one hour. Password expired. Change your password now. Last login: Sun Jun 6 22:25:17 2010 from 192.168.5.249 WARNING: Your password has expired. You must change your password now and login again! Changing password for user bshit. Current Password: New password: Retype new password: Warning: Your password will expire in less than one hour. Warning: Your password will expire in less than one hour. passwd: Authentication token manipulation error Connection to 192.168.5.58 closed. /var/log/secure: Jun 6 22:32:30 ipa passwd: pam_sss(passwd:chauthtok): system info: [Cannot contact any KDC for requested realm] Jun 6 22:32:30 ipa passwd: pam_sss(passwd:chauthtok): User info message: Warning: Your password will expire in less than one hour. Jun 6 22:32:30 ipa passwd: pam_sss(passwd:chauthtok): system info: [Cannot contact any KDC for requested realm] Jun 6 22:32:30 ipa passwd: pam_sss(passwd:chauthtok): User info message: Warning: Your password will expire in less than one hour. Jun 6 22:32:30 ipa passwd: pam_sss(passwd:chauthtok): Password change failed for user bshit: 22 (Authentication token lock busy) Jun 6 22:32:30 ipa passwd: gkr-pam: couldn't update the login keyring password: no old password was entered Jun 6 22:32:32 ipa sshd[1635]: pam_unix(sshd:session): session closed for user bshit /var/log/krb5kdc.log: Jun 06 22:32:30 ipa.dev.webscalability.com krb5kdc[1349](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.5.58: NEEDED_PREAUTH: bs...@dev.webscalability.com for kadmin/chang...@dev.webscalability.com, Additional pre-authentication required Jun 06 22:32:30 ipa.dev.webscalability.com krb5kdc[1349](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.5.58: ISSUE: authtime 1275859950, etypes {rep=18 tkt=18 ses=18}, bs...@dev.webscalability.com for kadmin/chang...@dev.webscalability.com Jun 06 22:32:30 ipa.dev.webscalability.com krb5kdc[1349](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.5.58: NEEDED_PREAUTH: bs...@dev.webscalability.com for kadmin/chang...@dev.webscalability.com, Additional pre-authentication required Jun 06 22:32:30 ipa.dev.webscalability.com krb5kdc[1349](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.5.58: ISSUE: authtime 1275859950, etypes {rep=18 tkt=18 ses=18}, bs...@dev.webscalability.com for kadmin/chang...@dev.webscalability.com
This looks like an error in the SSSD. Could you edit /etc/sssd/sssd.conf and change debug_level=0 to debug_level=9 and then try this again. Then examine /var/log/sssd/krb5_child.log and /var/log/sssd/sssd_<your_domain>.log for clues?
-- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
