I tried with xenial (krb5 1.13.2+dfsg-5ubuntu2) and precise (krb5
1.10+dfsg~beta1-2ubuntu0.7) and kpasswd worked in both cases when having
the principal created with the preauth flag (it was hinted this could
have been the problem).
This is on precise (1.10):
kadmin.local: addprinc +requires_preauth ubuntu
WARNING: no policy specified for ubuntu@PRECISE; defaulting to no policy
Enter password for principal "ubuntu@PRECISE":
Re-enter password for principal "ubuntu@PRECISE":
Principal "ubuntu@PRECISE" created.
Client (also precise, 1.10):
ubuntu@precise-krb5-client:~$ kinit
Password for ubuntu@PRECISE:
ubuntu@precise-krb5-client:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: ubuntu@PRECISE
Valid starting Expires Service principal
01/05/2017 19:22 02/05/2017 05:22 krbtgt/PRECISE@PRECISE
renew until 02/05/2017 19:22
ubuntu@precise-krb5-client:~$ kpasswd
Password for ubuntu@PRECISE:
Enter new password:
Enter it again:
Password changed.
ubuntu@precise-krb5-client:~$ klist -f5
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: ubuntu@PRECISE
Valid starting Expires Service principal
01/05/2017 19:22 02/05/2017 05:22 krbtgt/PRECISE@PRECISE
renew until 02/05/2017 19:22, Flags: FPRIA
Server log:
May 1 19:22:19 precise-krb5-server krb5kdc[5357]: AS_REQ (4 etypes {18 17 16
23}) 10.0.100.232: NEEDED_PREAUTH: ubuntu@PRECISE for krbtgt/PRECISE@PRECISE,
Additional pre-authentication required
May 1 19:22:20 precise-krb5-server krb5kdc[5357]: AS_REQ (4 etypes {18 17 16
23}) 10.0.100.232: ISSUE: authtime 1493666540, etypes {rep=18 tkt=18 ses=18},
ubuntu@PRECISE for krbtgt/PRECISE@PRECISE
May 1 19:22:25 precise-krb5-server krb5kdc[5357]: AS_REQ (4 etypes {18 17 16
23}) 10.0.100.232: NEEDED_PREAUTH: ubuntu@PRECISE for kadmin/changepw@PRECISE,
Additional pre-authentication required
May 1 19:22:27 precise-krb5-server krb5kdc[5357]: AS_REQ (4 etypes {18 17 16
23}) 10.0.100.232: ISSUE: authtime 1493666547, etypes {rep=18 tkt=18 ses=18},
ubuntu@PRECISE for kadmin/changepw@PRECISE
May 1 19:22:33 precise-krb5-server kadmind[5361]: chpw request from
10.0.100.232 for ubuntu@PRECISE: success
This is an old bug, I'll mark it as incomplete so that it expires if there are
no further comments.
** Changed in: krb5 (Ubuntu)
Status: Triaged => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/715765
Title:
Can't change kerberos password
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715765/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
