On Fri, 17 Dec 2010 10:47:06 -0500 Dan Scott <[email protected]> wrote:
> Hi, > > I have recently upgraded one of our server from Fedora 13 to 14. > Recently, I noticed that I cannot reset user passwords any more: > > A database error occurred: Operations error: Failed to update password > > The log file contains the following entries: > [16/Dec/2010:10:47:08 -0500] ipa_pwd_extop - encoding asn1 > EncryptionKey failed [16/Dec/2010:10:47:08 -0500] ipa_pwd_extop - > encoding asn1 KrbSalt failed [16/Dec/2010:10:47:08 -0500] > ipa_pwd_extop - key encryption/encoding failed > > Packages: > 389-ds-base-1.2.7.4-1.fc14.x86_64 > ipa-server-1.2.2-5.fc14.x86_64 > > This appears similar to a bug reported a couple of weeks ago: > > https://bugzilla.redhat.com/show_bug.cgi?id=658832 > > Although the above report is related to ipa-getkeytab rather than > ipa-passwd. If they are the same issue, then this bug is more serious > since I can't create new users or allow password changes. Yes it is almost certainly the same issue, as the ipa-pwd-exop plugin handles all password changes and keytab issuance. > Does anyone have a status on this? We have a patch for the v2 version of the plugins but haven't yet found the time to backport to 1.2.2. A workaround is to downgrade DS to a version not compiled with openldap libs (or recompile it with mozldap). If you look in this list archives you will also find that Thomas Sailer has created a backport of the patch and posted a srpm on his fedora people page. We hope to address the issue as soon as possible, but we are short on time in this period. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
