This appears to be a failure of the password change mechanism to fail say the 
password is either too short or not complex enough.

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: Martin Kosek [mko...@redhat.com]
Sent: Tuesday, 31 July 2012 7:12 p.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] resetting an admin account.

On 07/27/2012 12:48 AM, Steven Jones wrote:
> I have tried to reset my admin password (admjonesst1) using the admin account 
> toa temp password,
>
> So I run a kinit admjonesst1 to reset it to a perm one and I get,
>
> ========
> [jonesst1@8kxl72s ~]$ kinit admjonesst1
> Password for admjones...@ods.vuw.ac.nz:
> Password expired.  You must change it now.
> Enter new password:
> Enter it again:
> kinit: Cannot contact any KDC for requested realm while getting initial 
> credentials
> [jonesst1@8kxl72s ~]$ kinit admjonesst1
> Password for admjones...@ods.vuw.ac.nz:
> Password expired.  You must change it now.
> Enter new password:
> Enter it again:
> kinit: Cannot contact any KDC for requested realm while getting initial 
> credentials
> [jonesst1@8kxl72s ~]$
> ========
>

Would a kinit with a trace turned on show anything interesting?

# KRB5_TRACE=/dev/stdout kinit admjonesst1

It may get us closer to the root cause of this issue.

Martin



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to