This is a discussion on kpasswd problem on 1.4.1/1.4.2 (NOT!) - Kerberos ; -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Earlier, I posted this: > I just noticed that with 1.4.1 and 1.4.2, when I try to change my > password with kpasswd, I get the following message after entering the > new password ...
-----BEGIN PGP SIGNED MESSAGE-----
Earlier, I posted this:
> I just noticed that with 1.4.1 and 1.4.2, when I try to change my
> password with kpasswd, I get the following message after entering the
> new password twice:
> kpasswd: Permission denied changing password
> This occurs whether the KDC is at 1.3.4 or at 1.4.2.
> I don't have the problem using a 1.3.4 kpasswd.
> Has something changed in 1.4.x with respect to password changing?
I now realize what the answer is: my firewall. I needed to open up UDP
464 to allow password-changing. This hasn't been an issue for me in the
past because, until very recently, I haven't been running a host-based
firewall on my own workstation. If I had been, then I'm sure my 1.3.4
kpasswd would have had the same problem. My test earlier today with a
1.3.4 kpasswd was from a different machine (still running 1.3.4) that
doesn't have such a firewall.
I realized all this when I discovered that 1.4.2 kpasswd worked fine from
my 1.4.2 KDC itself. I then ran a trace of kpasswd on my workstation and
saw that the 'permission denied' problem was coming when trying to write
to a socket for the actual password change.
Sorry for the false alarm!
Mike Friedman System and Network Security
mikef@ack.Berkeley.EDU 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
-----END PGP SIGNATURE-----
Kerberos mailing list Kerberos@mit.edu