Changing password on linux machine hangs - Kerberos


  1. Changing password on linux machine hangs

    Hi:

    We use Active Directory to create User accounts and make the person
    change his/her password the first time he/she logs on to any of our
    machines (linux or windows). Changing password on the Windows machines
    works just fine but no one can change their passwords on a linux
    machine. Not just the first time, but ever.

    [user@machine ~]$ passwd
    Changing password for user username.
    Kerberos 5 Password:
    New UNIX password:
    Retype new UNIX password:

    After this it just hangs. The password never gets changed. I found
    pre-authentication failure kadmin/changepw...failure code 0x19. in the
    kdc admin-server event log which corresponds to "additional
    pre-authentication required." I googled that but couldn't find a way
    to fix that failure. I don't see anything in the logs on the linux
    machine that I'm trying to change my password on.

    Maybe it's a PAM issue but I have no idea how and where to begin fixing
    it. Any help will be greatly appreciated. I've ruled out firewall
    issues.

    Thanks

    qassair
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: Changing password on linux machine hangs

    M wrote:
    > We use Active Directory to create User accounts and make the person
    > change his/her password the first time he/she logs on to any of our
    > machines (linux or windows). Changing password on the Windows machines
    > works just fine but no one can change their passwords on a linux
    > machine. Not just the first time, but ever.
    >
    > [user@machine ~]$ passwd
    > Changing password for user username.
    > Kerberos 5 Password:
    > New UNIX password:
    > Retype new UNIX password:
    >
    > After this it just hangs. The password never gets changed. I found
    > pre-authentication failure kadmin/changepw...failure code 0x19. in the
    > kdc admin-server event log which corresponds to "additional
    > pre-authentication required." I googled that but couldn't find a way
    > to fix that failure. I don't see anything in the logs on the linux
    > machine that I'm trying to change my password on.


    Have you tried using the "kpasswd" command instead of "passwd"?



  3. Re: Changing password on linux machine hangs

    Yep. Tried that. Same behavior. It's not just one linux machine, it's
    all linux machines that do this. So it's something that's set
    environment wide...I've ruled out the firewall...not sure what else it
    could be.

    Thx

    Q

    On 4/3/07, Christopher D. Clausen wrote:
    > M wrote:
    > > We use Active Directory to create User accounts and make the person
    > > change his/her password the first time he/she logs on to any of our
    > > machines (linux or windows). Changing password on the Windows machines
    > > works just fine but no one can change their passwords on a linux
    > > machine. Not just the first time, but ever.
    > >
    > > [user@machine ~]$ passwd
    > > Changing password for user username.
    > > Kerberos 5 Password:
    > > New UNIX password:
    > > Retype new UNIX password:
    > >
    > > After this it just hangs. The password never gets changed. I found
    > > pre-authentication failure kadmin/changepw...failure code 0x19. in the
    > > kdc admin-server event log which corresponds to "additional
    > > pre-authentication required." I googled that but couldn't find a way
    > > to fix that failure. I don't see anything in the logs on the linux
    > > machine that I'm trying to change my password on.

    >
    > Have you tried using the "kpasswd" command instead of "passwd"?
    >


  4. Re: Changing password on linux machine hangs

    M wrote:
    > Yep. Tried that. Same behavior. It's not just one linux machine, it's
    > all linux machines that do this. So it's something that's set
    > environment wide...I've ruled out the firewall...not sure what else it
    > could be.


    What does your krb5.conf file look like?

    Do you have an "admin_server" specified for your realm?



  5. Re: Changing password on linux machine hangs

    Yes I do. My default REALM is also correct. I can ping my admin-server
    just fine. I've recreated the keytab file to make sure that wasn't the
    problem.
    Here's the krb5.conf:

    [libdefaults]
    default_realm = TEST.COM
    dns_lookup_realm = true
    dns_lookup_kdc = false
    forwardable = true
    proxiable = true
    default_keytab_name = FILE:/etc/krb5.keytab

    [realms]
    TEST.COM = {
        default_domain = TEST.COM
        kdc = server1.test.com
        kdc = server2.test.com
        admin_server = server1.test.com
    }

    [domain_realm]
    .test.com = TEST.COM
    test.com = TEST.COM

    [appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        krb4_convert = false
        forward = true
        encrypt = true
    }

    I can get a ticket just fine if I try kinit@TEST.COM or klist to see
    the tickets after logging in.

    Thanks

    Q

    On 4/3/07, Christopher D. Clausen wrote:
    > M wrote:
    > > Yep. Tried that. Same behavior. It's not just one linux machine, it's
    > > all linux machines that do this. So it's something that's set
    > > environment wide...I've ruled out the firewall...not sure what else it
    > > could be.

    >
    > What does your krb5.conf file look like?
    >
    > Do you have an "admin_server" specified for your realm?
    >
    >
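
Added example, not part of the thread and not any poster's code: given the krb5.conf settings posted above, this resolves which host and port an MIT Kerberos client contacts for a password change, following the order documented for krb5.conf (`kpasswd_server`, then a DNS SRV lookup unless `dns_lookup_kdc` is off, then port 464 on the `admin_server` host). The function names are hypothetical, the embedded config is a constructed copy of the posted one, and IPv6 literals are not handled.

```python
import re

# Constructed copy of the [libdefaults] and [realms] settings posted in the thread.
POSTED_CONF = """
[libdefaults]
default_realm = TEST.COM
dns_lookup_kdc = false
[realms]
TEST.COM = {
    kdc = server1.test.com
    kdc = server2.test.com
    admin_server = server1.test.com
}
"""
TRUE_WORDS = {"y", "yes", "true", "t", "1", "on"}

def parse_krb5_conf(text):
    """Parse [sections], 'key = value' relations and one level of { } blocks."""
    conf, section, block = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, block = conf.setdefault(header.group(1), {}), None
        elif line == "}":
            block = None
        elif section is not None and "=" in line and line[0] not in "#;":
            key, _, value = (part.strip() for part in line.partition("="))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                target = block if block is not None else section
                target.setdefault(key, []).append(value)
    return conf

def split_port(value, default):
    host, _, port = value.partition(":")
    return host, int(port) if port else default

def password_change_targets(conf, realm=None):
    """Ordered (source, host, port) candidates for a password change request."""
    lib = conf.get("libdefaults", {})
    realm = realm or lib["default_realm"][0]
    settings = conf.get("realms", {}).get(realm, {})
    explicit = settings.get("kpasswd_server", [])
    if explicit:
        return [("kpasswd_server",) + split_port(v, 464) for v in explicit]
    targets = []
    if lib.get("dns_lookup_kdc", ["true"])[0].lower() in TRUE_WORDS:
        targets.append(("dns_srv", "_kpasswd._udp." + realm.lower(), None))
    # Last resort: the admin_server host, on the kpasswd port 464 rather than the kadmin port.
    return targets + [("admin_server", v.split(":")[0], 464) for v in settings.get("admin_server", [])]
```

For the posted settings the only candidate is server1.test.com on port 464, so that port (UDP and TCP) is what a reachability check has to cover; a successful ping or kinit does not exercise it.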
