subject:"\[Touch\-packages\] \[Bug 715765\] Re\: Can't change kerberos password"

[Touch-packages] [Bug 715765] Re: Can't change kerberos password

2017-06-30 Thread Launchpad Bug Tracker

[Expired for krb5 (Ubuntu) because there has been no activity for 60
days.]

** Changed in: krb5 (Ubuntu)
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/715765

Title:
  Can't change kerberos password

Status in krb5 package in Ubuntu:
  Expired

Bug description:
  $ kpasswd
  Password for u...@example.com: 
  Enter new password: 
  Enter it again: 
  Server error: Failed decrypting request

  Trying with passwd:
  $ passwd
  Ändern des Passworts für user.
  (aktuelles) UNIX-Passwort: 
  passwd: Fehler beim Ändern des Authentifizierungstoken
  passwd: password unchanged

  It is impossible to change the password. /etc/krb5.conf:
  [libdefaults]
  default_realm = EXAMPLE.COM
  dns_lookup_kdc = false
  dns_lookup_realm = false
  kdc_timesync = 1
  ccache_type = 4
  no-addresses = true
  forwardable = true
  proxiable = true

  [realms]
  EXAMPLE.COM = {
  kdc = 192.168.1.4
  admin_server = 192.168.1.4
  default_domain = example.com
  }

  [domain_realm]
  .example.com = EXAMPLE.COM
  example.com = EXAMPLE.COM

  [login]
  krb4_convert = true
  krb4_get_tickets = false

  [logging]
  default = FILE:/var/log/kerberos/krb5lib.log

  
  I'll handed a tgt login in:
  $ klist -f5
  Ticket cache: FILE:/tmp/krb5cc_2023
  Default principal: u...@example.com

  Valid starting ExpiresService principal
  02/07/11 14:49:30  02/08/11 00:49:30  krbtgt/example@example.com
  renew until 02/08/11 14:49:31, Flags: FPRIA
  02/07/11 18:28:29  02/08/11 00:49:30  host/srv.example@example.com
  renew until 02/08/11 14:49:31, Flags: FPRAT
  $

  I can call kadmin:
  $ kadmin
  Authenticating as principal user/ad...@example.com with password.
  Password for user/ad...@example.com: 
  kadmin:  

  It is no problem to change the password then.
  None of the hosts has IPv6-Addresses. There all at IPv4.

  ProblemType: Bug
  DistroRelease: Ubuntu 10.10
  Package: krb5-user 1.8.1+dfsg-5ubuntu0.2
  Uname: Linux 2.6.36.3 x86_64
  Architecture: amd64
  Date: Wed Feb  9 14:24:46 2011
  ProcEnviron:
   PATH=(custom, user)
   LANG=de_DE.utf8
   SHELL=/bin/bash
  SourcePackage: krb5

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715765/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 715765] Re: Can't change kerberos password

2017-05-01 Thread Andreas Hasenack

I tried with xenial (krb5 1.13.2+dfsg-5ubuntu2) and precise (krb5
1.10+dfsg~beta1-2ubuntu0.7) and kpasswd worked in both cases when having
the principal created with the preauth flag (it was hinted this could
have been the problem).

This is on precise (1.10):
kadmin.local:  addprinc +requires_preauth ubuntu
WARNING: no policy specified for ubuntu@PRECISE; defaulting to no policy
Enter password for principal "ubuntu@PRECISE": 
Re-enter password for principal "ubuntu@PRECISE": 
Principal "ubuntu@PRECISE" created.


Client (also precise, 1.10):
ubuntu@precise-krb5-client:~$ kinit
Password for ubuntu@PRECISE: 

ubuntu@precise-krb5-client:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: ubuntu@PRECISE

Valid startingExpires   Service principal
01/05/2017 19:22  02/05/2017 05:22  krbtgt/PRECISE@PRECISE
renew until 02/05/2017 19:22

ubuntu@precise-krb5-client:~$ kpasswd
Password for ubuntu@PRECISE: 
Enter new password: 
Enter it again: 
Password changed.

ubuntu@precise-krb5-client:~$ klist -f5
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: ubuntu@PRECISE

Valid startingExpires   Service principal
01/05/2017 19:22  02/05/2017 05:22  krbtgt/PRECISE@PRECISE
renew until 02/05/2017 19:22, Flags: FPRIA

Server log:
May  1 19:22:19 precise-krb5-server krb5kdc[5357]: AS_REQ (4 etypes {18 17 16 
23}) 10.0.100.232: NEEDED_PREAUTH: ubuntu@PRECISE for krbtgt/PRECISE@PRECISE, 
Additional pre-authentication required
May  1 19:22:20 precise-krb5-server krb5kdc[5357]: AS_REQ (4 etypes {18 17 16 
23}) 10.0.100.232: ISSUE: authtime 1493666540, etypes {rep=18 tkt=18 ses=18}, 
ubuntu@PRECISE for krbtgt/PRECISE@PRECISE
May  1 19:22:25 precise-krb5-server krb5kdc[5357]: AS_REQ (4 etypes {18 17 16 
23}) 10.0.100.232: NEEDED_PREAUTH: ubuntu@PRECISE for kadmin/changepw@PRECISE, 
Additional pre-authentication required
May  1 19:22:27 precise-krb5-server krb5kdc[5357]: AS_REQ (4 etypes {18 17 16 
23}) 10.0.100.232: ISSUE: authtime 1493666547, etypes {rep=18 tkt=18 ses=18}, 
ubuntu@PRECISE for kadmin/changepw@PRECISE
May  1 19:22:33 precise-krb5-server kadmind[5361]: chpw request from 
10.0.100.232 for ubuntu@PRECISE: success


This is an old bug, I'll mark it as incomplete so that it expires if there are 
no further comments.

** Changed in: krb5 (Ubuntu)
   Status: Triaged => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/715765

Title:
  Can't change kerberos password

Status in krb5 package in Ubuntu:
  Incomplete

Bug description:
  $ kpasswd
  Password for u...@example.com: 
  Enter new password: 
  Enter it again: 
  Server error: Failed decrypting request

  Trying with passwd:
  $ passwd
  Ändern des Passworts für user.
  (aktuelles) UNIX-Passwort: 
  passwd: Fehler beim Ändern des Authentifizierungstoken
  passwd: password unchanged

  It is impossible to change the password. /etc/krb5.conf:
  [libdefaults]
  default_realm = EXAMPLE.COM
  dns_lookup_kdc = false
  dns_lookup_realm = false
  kdc_timesync = 1
  ccache_type = 4
  no-addresses = true
  forwardable = true
  proxiable = true

  [realms]
  EXAMPLE.COM = {
  kdc = 192.168.1.4
  admin_server = 192.168.1.4
  default_domain = example.com
  }

  [domain_realm]
  .example.com = EXAMPLE.COM
  example.com = EXAMPLE.COM

  [login]
  krb4_convert = true
  krb4_get_tickets = false

  [logging]
  default = FILE:/var/log/kerberos/krb5lib.log

  
  I'll handed a tgt login in:
  $ klist -f5
  Ticket cache: FILE:/tmp/krb5cc_2023
  Default principal: u...@example.com

  Valid starting ExpiresService principal
  02/07/11 14:49:30  02/08/11 00:49:30  krbtgt/example@example.com
  renew until 02/08/11 14:49:31, Flags: FPRIA
  02/07/11 18:28:29  02/08/11 00:49:30  host/srv.example@example.com
  renew until 02/08/11 14:49:31, Flags: FPRAT
  $

  I can call kadmin:
  $ kadmin
  Authenticating as principal user/ad...@example.com with password.
  Password for user/ad...@example.com: 
  kadmin:  

  It is no problem to change the password then.
  None of the hosts has IPv6-Addresses. There all at IPv4.

  ProblemType: Bug
  DistroRelease: Ubuntu 10.10
  Package: krb5-user 1.8.1+dfsg-5ubuntu0.2
  Uname: Linux 2.6.36.3 x86_64
  Architecture: amd64
  Date: Wed Feb  9 14:24:46 2011
  ProcEnviron:
   PATH=(custom, user)
   LANG=de_DE.utf8
   SHELL=/bin/bash
  SourcePackage: krb5

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715765/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   :

[Touch-packages] [Bug 715765] Re: Can't change kerberos password

[Touch-packages] [Bug 715765] Re: Can't change kerberos password

2 matches

Site Navigation

Mail list logo

Footer information