Hi, Your problem may be IPv6. I saw the same.
See also http://krbdev.mit.edu/rt/Ticket/Display.html?id=5595 Am Montag, 24. September 2007 schrieb [EMAIL PROTECTED]: > Hi all, > > I am unable to use kpasswd to change a kerberos principle's password. > > For the first time I'm setting up a LDAP+Kerberos system. I have set > everything up on a single (linux/Fedora) machine with openldap and the > MIT (I believe) KRB5 packages. > > I have set up the system hosting kerberos/ldap such that as a unix > user listed in /etc/passwd I can log into the machine, and be also > authenticated to kerberos, and such that 'ldapwhoami' also works. > Kerberos is doing the authentication (in my shadow password file I > have *K* in the password field, so I know I'm not getting in by the > standard unix access). > > When I log in to the machine I can do the following: > > $ ssh 10.0.1.102 > [EMAIL PROTECTED]'s password: > Last login: Mon Sep 24 15:30:53 2007 from 10.8.0.6 > [EMAIL PROTECTED] ~]$ klist > Ticket cache: FILE:/tmp/krb5cc_505_d6jBsX > Default principal: [EMAIL PROTECTED] > > Valid starting Expires Service principal > 09/24/07 16:07:17 09/25/07 02:07:17 krbtgt/[EMAIL PROTECTED] > renew until 09/24/07 16:07:17 > > Kerberos 4 ticket cache: /tmp/tkt505 > klist: You have no tickets cached > [EMAIL PROTECTED] ~]$ ldapwhoami -h janeiro > SASL/GSSAPI authentication started > SASL username: [EMAIL PROTECTED] > SASL SSF: 56 > SASL installing layers > dn:uid=jamie,ou=people,dc=example,dc=com > Result: Success (0) > [EMAIL PROTECTED] ~]$ > > I can do a ldapsearch and see all the data in the ldap directory (as > an aside, ldap commands require the -h option for the host for some > reason but I assume that is an ldap, not a kerberos problem) > > So I'm quite happy with this, but I want to change my password, so I > do: > > [EMAIL PROTECTED] ~]$ kpasswd > Password for [EMAIL PROTECTED] > Enter new password: > Enter it again: > Server error: Failed decrypting request > [EMAIL PROTECTED] ~]$ > > > This is my problem. I have no idea why this error occurs. The log > says: > > Sep 24 16:11:07 janeiro.example.com krb5kdc[7796](info): AS_REQ (7 > etypes {18 17 16 23 1 3 2}) 10.0.1.102: ISSUE: authtime 1190614267, > etypes {rep=16 tkt=16 ses=16}, [EMAIL PROTECTED] for kadmin/ > [EMAIL PROTECTED] > Sep 24 16:11:07 janeiro.example.com krb5kdc[7796](info): AS_REQ (7 > etypes {18 17 16 23 1 3 2}) 10.0.1.102: ISSUE: authtime 1190614267, > etypes {rep=16 tkt=16 ses=16}, [EMAIL PROTECTED] for kadmin/ > [EMAIL PROTECTED] > > (there are two lines in the log file). > > My principles in kerberos are: > > kadmin: listprincs > K/[EMAIL PROTECTED] > jamie/[EMAIL PROTECTED] > [EMAIL PROTECTED] > kadmin/[EMAIL PROTECTED] > kadmin/[EMAIL PROTECTED] > kadmin/[EMAIL PROTECTED] > kadmin/[EMAIL PROTECTED] > krbtgt/[EMAIL PROTECTED] > ldap/[EMAIL PROTECTED] > > Using kadmin (or kadmin.local) I can change the password for > principles. > > Does anyone have any ideas? > > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos -- MFG Michael Calmer -------------------------------------------------------------------------- Michael Calmer SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg T: +49 (0) 911 74053 0 F: +49 (0) 911 74053575 - e-mail: [EMAIL PROTECTED] -------------------------------------------------------------------------- SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
