I tried with xenial (krb5 1.13.2+dfsg-5ubuntu2) and precise (krb5
1.10+dfsg~beta1-2ubuntu0.7) and kpasswd worked in both cases when having
the principal created with the preauth flag (it was hinted this could
have been the problem).
This is on precise (1.10):
kadmin.local: addprinc +requires_preauth ubuntu
WARNING: no policy specified for ubuntu@PRECISE; defaulting to no policy
Enter password for principal "ubuntu@PRECISE":
Re-enter password for principal "ubuntu@PRECISE":
Principal "ubuntu@PRECISE" created.
Client (also precise, 1.10):
ubuntu@precise-krb5-client:~$ kinit
Password for ubuntu@PRECISE:
ubuntu@precise-krb5-client:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: ubuntu@PRECISE
Valid startingExpires Service principal
01/05/2017 19:22 02/05/2017 05:22 krbtgt/PRECISE@PRECISE
renew until 02/05/2017 19:22
ubuntu@precise-krb5-client:~$ kpasswd
Password for ubuntu@PRECISE:
Enter new password:
Enter it again:
Password changed.
ubuntu@precise-krb5-client:~$ klist -f5
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: ubuntu@PRECISE
Valid startingExpires Service principal
01/05/2017 19:22 02/05/2017 05:22 krbtgt/PRECISE@PRECISE
renew until 02/05/2017 19:22, Flags: FPRIA
Server log:
May 1 19:22:19 precise-krb5-server krb5kdc[5357]: AS_REQ (4 etypes {18 17 16
23}) 10.0.100.232: NEEDED_PREAUTH: ubuntu@PRECISE for krbtgt/PRECISE@PRECISE,
Additional pre-authentication required
May 1 19:22:20 precise-krb5-server krb5kdc[5357]: AS_REQ (4 etypes {18 17 16
23}) 10.0.100.232: ISSUE: authtime 1493666540, etypes {rep=18 tkt=18 ses=18},
ubuntu@PRECISE for krbtgt/PRECISE@PRECISE
May 1 19:22:25 precise-krb5-server krb5kdc[5357]: AS_REQ (4 etypes {18 17 16
23}) 10.0.100.232: NEEDED_PREAUTH: ubuntu@PRECISE for kadmin/changepw@PRECISE,
Additional pre-authentication required
May 1 19:22:27 precise-krb5-server krb5kdc[5357]: AS_REQ (4 etypes {18 17 16
23}) 10.0.100.232: ISSUE: authtime 1493666547, etypes {rep=18 tkt=18 ses=18},
ubuntu@PRECISE for kadmin/changepw@PRECISE
May 1 19:22:33 precise-krb5-server kadmind[5361]: chpw request from
10.0.100.232 for ubuntu@PRECISE: success
This is an old bug, I'll mark it as incomplete so that it expires if there are
no further comments.
** Changed in: krb5 (Ubuntu)
Status: Triaged => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/715765
Title:
Can't change kerberos password
Status in krb5 package in Ubuntu:
Incomplete
Bug description:
$ kpasswd
Password for u...@example.com:
Enter new password:
Enter it again:
Server error: Failed decrypting request
Trying with passwd:
$ passwd
Ändern des Passworts für user.
(aktuelles) UNIX-Passwort:
passwd: Fehler beim Ändern des Authentifizierungstoken
passwd: password unchanged
It is impossible to change the password. /etc/krb5.conf:
[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_kdc = false
dns_lookup_realm = false
kdc_timesync = 1
ccache_type = 4
no-addresses = true
forwardable = true
proxiable = true
[realms]
EXAMPLE.COM = {
kdc = 192.168.1.4
admin_server = 192.168.1.4
default_domain = example.com
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
[login]
krb4_convert = true
krb4_get_tickets = false
[logging]
default = FILE:/var/log/kerberos/krb5lib.log
I'll handed a tgt login in:
$ klist -f5
Ticket cache: FILE:/tmp/krb5cc_2023
Default principal: u...@example.com
Valid starting ExpiresService principal
02/07/11 14:49:30 02/08/11 00:49:30 krbtgt/example@example.com
renew until 02/08/11 14:49:31, Flags: FPRIA
02/07/11 18:28:29 02/08/11 00:49:30 host/srv.example@example.com
renew until 02/08/11 14:49:31, Flags: FPRAT
$
I can call kadmin:
$ kadmin
Authenticating as principal user/ad...@example.com with password.
Password for user/ad...@example.com:
kadmin:
It is no problem to change the password then.
None of the hosts has IPv6-Addresses. There all at IPv4.
ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: krb5-user 1.8.1+dfsg-5ubuntu0.2
Uname: Linux 2.6.36.3 x86_64
Architecture: amd64
Date: Wed Feb 9 14:24:46 2011
ProcEnviron:
PATH=(custom, user)
LANG=de_DE.utf8
SHELL=/bin/bash
SourcePackage: krb5
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715765/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help :