On Fri, 17 Dec 2010 10:47:06 -0500
Dan Scott <danieljamessc...@gmail.com> wrote:
> I have recently upgraded one of our server from Fedora 13 to 14.
> Recently, I noticed that I cannot reset user passwords any more:
> A database error occurred: Operations error: Failed to update password
> The log file contains the following entries:
> [16/Dec/2010:10:47:08 -0500] ipa_pwd_extop - encoding asn1
> EncryptionKey failed [16/Dec/2010:10:47:08 -0500] ipa_pwd_extop -
> encoding asn1 KrbSalt failed [16/Dec/2010:10:47:08 -0500]
> ipa_pwd_extop - key encryption/encoding failed
> This appears similar to a bug reported a couple of weeks ago:
> Although the above report is related to ipa-getkeytab rather than
> ipa-passwd. If they are the same issue, then this bug is more serious
> since I can't create new users or allow password changes.
Yes it is almost certainly the same issue, as the ipa-pwd-exop plugin
handles all password changes and keytab issuance.
> Does anyone have a status on this?
We have a patch for the v2 version of the plugins but haven't yet found
the time to backport to 1.2.2.
A workaround is to downgrade DS to a version not compiled with openldap
libs (or recompile it with mozldap).
If you look in this list archives you will also find that Thomas Sailer
has created a backport of the patch and posted a srpm on his fedora
We hope to address the issue as soon as possible, but we are short on
time in this period.
Simo Sorce * Red Hat, Inc * New York
Freeipa-users mailing list