Also, I forgot to mention that I'm running Debian testing with the following packages:
ii krb5-admin-server 1.6.dfsg.1-6 MIT Kerberos master server (kadmind) ii krb5-config 1.17 Configuration files for Kerberos Version 5 ii krb5-doc 1.6.dfsg.1-6 Documentation for MIT Kerberos ii krb5-kdc 1.6.dfsg.1-6 MIT Kerberos key server (KDC) ii krb5-user 1.6.dfsg.1-6 Basic programs to authenticate using MIT Ker ii libkadm55 1.6.dfsg.1-6 MIT Kerberos administration runtime librarie ii libkrb5-17-heimdal 0.7.2.dfsg.1-10 Libraries for Heimdal Kerberos ii libkrb53 1.6.dfsg.1-6 MIT Kerberos runtime libraries Any help will be greatly appreciated! Tony > -----Original Message----- > From: Anthony Brock [mailto:[EMAIL PROTECTED] > Sent: Tuesday, September 04, 2007 4:03 PM > To: [email protected] > Subject: Problems with kadmind, kpasswd and cross-realm authentication > > > I have created several cross-realm trusts on a test server. At > this point, nearly everything is working properly. However, users > are unable to change their passwords unless their account is in > the initial domain. Users see the following when attempting it > from the initial domain: > > # kpasswd > Password for [EMAIL PROTECTED]: > Enter new password: > Enter it again: > Password changed. > # > > Unfortunately, following happens for additional domains: > > # kpasswd > Password for [EMAIL PROTECTED]: > Enter new password: > Enter it again: > Authentication error: Failed reading application request > # > > An strace of the kadmind daemon during a failed request shows the > following: > > Process 1123 attached - interrupt to quit > select(8, [6 7], NULL, NULL, {10, 890000}) = 0 (Timeout) > select(8, [6 7], NULL, NULL, {15, 0}) = 1 (in [7], left {12, 140000}) > recvfrom(7, > "\2\37\0\1\1\272n\202\1\2660\202\1\262\240\3\2\1\5\241\3"..., > 1500, 0, {sa_family=AF_INET, sin_port=htons(2051), > sin_addr=inet_addr("10.0.1.7")}, [16]) = 543 > socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 10 > connect(10, {sa_family=AF_INET, sin_port=htons(2051), > sin_addr=inet_addr("10.0.1.7")}, 16) = 0 > time(NULL) = 1188946658 > close(10) = 0 > sendto(7, > "\0\207\0\1\0\0~\1770}\240\3\2\1\5\241\3\2\1\36\244\21\30"..., > 135, 0, {sa_family=AF_INET, sin_port=htons(2051), > sin_addr=inet_addr("10.0.1.7")}, 16) = 135 > select(8, [6 7], NULL, NULL, {15, 0} <unfinished ...> > Process 1123 detached > > Any ideas? What further information would assist in identifying > the issue? Has anyone else encountered this? > > There doesn't seem to be much helpful documentation on > cross-realm authentication or how it should be setup. Thanks in advance! > > Tony ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
