Can't change kerberos password on Active Directory with kpasswd

Wyllys Ingersoll wyllys.ingersoll at sun.com
Fri Apr 2 13:52:30 EST 2004


Tyson Oswald wrote:
> Hello,
>  
> I have setup kerberos (to Aactive Directory) authentication on Solaris 8 with SEAM 1.0.  I can authenticate withut any problems, but if I try and use kpasswd to change my kerberos password I get the following error 'kpasswd: unable to get host based service name for realm myRealm.net'.  My /etc/krb5/krb5.conf file looks like
>  
> [libdefaults]
>         default_realm = MYREALM.NET
>         default_tkt_enctypes = des-cbc-md5
>         default_tgs_enctype = des-cbc-md5
>  
> [realms]
>         MYREALM.NET = {
>                 kdc = 192.168.0.252:88
>         }
>  
> I have looked on google and didn't see any references to this error.  Any help would be greatly appreciated.
>  
> thank you,
>  
> Tyson Oswald
>

The protocol used by kpasswd in Solaris 8/SEAM 1.0 is not compatible with
Microsoft Active Directory.

SEAM for Solaris 9, however, can be made configured to work with an AD server
for password change requests.  See 'man krb5.conf' on a Solaris 9 system for details.

-Wyllys


More information about the Kerberos mailing list