Hello,

I've upgraded a FreeIPA server to RHEL 6.2 (from 6.1), putting me at version 
2.1.3-9. Since the upgrade, I haven't been able to change any existing 
passwords, all I get is an "Authentication token manipulation error". 
Newly-created accounts don't have this problem. I /can/ login using my existing 
password, but one user's password is expired and is effectively locked out 
until I can figure this out. Any ideas?

Best,
Ian


-bash-4.1$ whoami
ian

-bash-4.1$ passwd
Changing password for user ian.
Current Password: 
New password: 
Retype new password: 
Password change failed. Server message: Password change failed
passwd: Authentication token manipulation error


krb5kdc.log:

krb5kdc[1558](info): AS_REQ (4 etypes {18 17 16 23}) 10.0.10.54: 
NEEDED_PREAUTH: i...@sbgrid.org for kadmin/chang...@sbgrid.org, Additional 
pre-authentication required
krb5kdc[1558](info): AS_REQ (4 etypes {18 17 16 23}) 10.0.10.54: ISSUE: 
authtime 1325719595, etypes {rep=18 tkt=18 ses=18}, i...@sbgrid.org for 
kadmin/chang...@sbgrid.org
krb5kdc[1558](info): AS_REQ (4 etypes {18 17 16 23}) 10.0.10.54: 
NEEDED_PREAUTH: kadmin/chang...@sbgrid.org for krbtgt/sbgrid....@sbgrid.org, 
Additional pre-authentication required
krb5kdc[1558](info): AS_REQ (4 etypes {18 17 16 23}) 10.0.10.54: ISSUE: 
authtime 1325719595, etypes {rep=18 tkt=18 ses=18}, kadmin/chang...@sbgrid.org 
for krbtgt/sbgrid....@sbgrid.org
krb5kdc[1558](info): TGS_REQ (4 etypes {18 17 16 23}) 10.0.10.54: ISSUE: 
authtime 1325719595, etypes {rep=18 tkt=18 ses=18}, kadmin/chang...@sbgrid.org 
for ldap/sbgrid-directory.in.hw...@sbgrid.org

messages:

passwd: pam_sss(passwd:chauthtok): system info: [Generic error (see e-text)]
passwd: pam_sss(passwd:chauthtok): User info message: Password change failed. 
Server message: Password change failed
passwd: pam_sss(passwd:chauthtok): Password change failed for user ian: 20 
(Authentication token manipulation error)



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to