I had this issue, but I gave up.  I have my users either log into a Linux
box to change passwords or use a web based password reset I set up for them.

When your users log in successfully do they have tickets?  That's my
situation: they can get tickets once they're logged in, but can't change
when prompted at login, nor can they change interactively using passwd.

If you ever figure anything out let me know, but I spent quite a bit of
time on it (once I had the workaround I stopped, though.  You may be more

Good luck,


On Wed, Mar 12, 2014 at 4:52 PM, Rob <robert.ro...@xerox.com> wrote:

> Hi,
> I have configured an AIX 6.1 server to connect to a RHEL 6.5 IPA server.
> The
> AIX server is configured to use netgroups and all that works for existing
> the
> users.
> The problem is when a users password expires or when a new user is created.
> They cannot change their password
> WARNING: Your password has expired.
> You must change your password now and login again!
> Changing password for "testuser"
> testuser's Old password:
> testuser's New password:
> Connection to localhost closed.
> The problem seems to be related to not getting a kerberos ticket as kinit
> can
> be used to change the password.
> Logging is enabled but no logs ever get updated
> [logging]
>         kdc = FILE:/var/krb5/log/krb5kdc.log
>         admin_server = FILE:/var/krb5/log/kadmin.log
>         kadmin_local = FILE:/var/krb5/log/kadmin_local.log
>         default = FILE:/var/krb5/log/krb5lib.log
> Anybody ever come across this? Or know how to get logging working?
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

The government is going to read our mail anyway, might as well make it
tough for them.  GPG Public key ID:  B6A1A7C6
Freeipa-users mailing list

Reply via email to