Hello Michael Thanks very very much for that reference. I removed the reference to the IPv6 address from my hosts file and it worked perfectly.
Jamie On Sep 24, 5:48 pm, Michael Calmer <[EMAIL PROTECTED]> wrote: > Hi, > > Your problem may be IPv6. I saw the same. > > See alsohttp://krbdev.mit.edu/rt/Ticket/Display.html?id=5595 > > Am Montag, 24. September 2007 schrieb [EMAIL PROTECTED]: > > > > > > > Hi all, > > > I am unable to use kpasswd to change a kerberos principle's password. > > > For the first time I'm setting up a LDAP+Kerberos system. I have set > > everything up on a single (linux/Fedora) machine with openldap and the > > MIT (I believe) KRB5 packages. > > > I have set up the system hosting kerberos/ldap such that as a unix > > user listed in /etc/passwd I can log into the machine, and be also > > authenticated to kerberos, and such that 'ldapwhoami' also works. > > Kerberos is doing the authentication (in my shadow password file I > > have *K* in the password field, so I know I'm not getting in by the > > standard unix access). > > > When I log in to the machine I can do the following: > > > $ ssh 10.0.1.102 > > [EMAIL PROTECTED]'s password: > > Last login: Mon Sep 24 15:30:53 2007 from 10.8.0.6 > > [EMAIL PROTECTED] ~]$ klist > > Ticket cache: FILE:/tmp/krb5cc_505_d6jBsX > > Default principal: [EMAIL PROTECTED] > > > Valid starting Expires Service principal > > 09/24/07 16:07:17 09/25/07 02:07:17 krbtgt/[EMAIL PROTECTED] > > renew until 09/24/07 16:07:17 > > > Kerberos 4 ticket cache: /tmp/tkt505 > > klist: You have no tickets cached > > [EMAIL PROTECTED] ~]$ ldapwhoami -h janeiro > > SASL/GSSAPI authentication started > > SASL username: [EMAIL PROTECTED] > > SASL SSF: 56 > > SASL installing layers > > dn:uid=jamie,ou=people,dc=example,dc=com > > Result: Success (0) > > [EMAIL PROTECTED] ~]$ > > > I can do a ldapsearch and see all the data in the ldap directory (as > > an aside, ldap commands require the -h option for the host for some > > reason but I assume that is an ldap, not a kerberos problem) > > > So I'm quite happy with this, but I want to change my password, so I > > do: > > > [EMAIL PROTECTED] ~]$ kpasswd > > Password for [EMAIL PROTECTED] > > Enter new password: > > Enter it again: > > Server error: Failed decrypting request > > [EMAIL PROTECTED] ~]$ > > > This is my problem. I have no idea why this error occurs. The log > > says: > > > Sep 24 16:11:07 janeiro.example.com krb5kdc[7796](info): AS_REQ (7 > > etypes {18 17 16 23 1 3 2}) 10.0.1.102: ISSUE: authtime 1190614267, > > etypes {rep=16 tkt=16 ses=16}, [EMAIL PROTECTED] for kadmin/ > > [EMAIL PROTECTED] > > Sep 24 16:11:07 janeiro.example.com krb5kdc[7796](info): AS_REQ (7 > > etypes {18 17 16 23 1 3 2}) 10.0.1.102: ISSUE: authtime 1190614267, > > etypes {rep=16 tkt=16 ses=16}, [EMAIL PROTECTED] for kadmin/ > > [EMAIL PROTECTED] > > > (there are two lines in the log file). > > > My principles in kerberos are: > > > kadmin: listprincs > > [EMAIL PROTECTED] > > jamie/[EMAIL PROTECTED] > > [EMAIL PROTECTED] > > kadmin/[EMAIL PROTECTED] > > kadmin/[EMAIL PROTECTED] > > kadmin/[EMAIL PROTECTED] > > kadmin/[EMAIL PROTECTED] > > krbtgt/[EMAIL PROTECTED] > > ldap/[EMAIL PROTECTED] > > > Using kadmin (or kadmin.local) I can change the password for > > principles. > > > Does anyone have any ideas? > > > ________________________________________________ > > Kerberos mailing list [EMAIL PROTECTED] > >https://mailman.mit.edu/mailman/listinfo/kerberos > > -- > MFG > > Michael Calmer > > -------------------------------------------------------------------------- > Michael Calmer > SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg > T: +49 (0) 911 74053 0 > F: +49 (0) 911 74053575 - e-mail: [EMAIL PROTECTED] > -------------------------------------------------------------------------- > SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)- Hide > quoted text - > > - Show quoted text -
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
