Active Directory as KDC, MIT Kerberos (Debian) as client

Timo Veith tv at rz-zw.fh-kl.de
Thu Jul 17 08:21:55 EDT 2003


Hi all,

I am trying to change my password on the KDC which is running on a Active
Directory Controller (Windows Server 2003). I can get a TGT successfully
but when I run kpasswd I give it my current password and then get the
following error message:

tv at gareth [~] kpasswd
Password for timo at DS.FH-KL.DE:
kpasswd: Requested effective lifetime is negative or too short getting
initial ticket

The docs of MIT don't say much about this error, only that it is a valid
error code :(

Here is the output from klist, the time on the client and on the server:

tv at gareth [~] klist -f
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: timo at DS.FH-KL.DE

Valid starting     Expires            Service principal
07/17/03 14:03:16  07/17/03 23:59:03  krbtgt/DS.FH-KL.DE at DS.FH-KL.DE
        Flags: FPIA


tv at gareth [~] date
Thu Jul 17 14:17:05 CEST 2003

On the Server 14:16:02

What am I doing wrong?

TIA

Timo


More information about the Kerberos mailing list