kpasswd times out!

isfandarmad brother_sand at yahoo.com
Tue Aug 31 13:44:11 EDT 2004


OK,
        Here are the details of my kpasswd problem.  Domain names, Realm
names, and user names have been changed to protect the innocent.

This is what shows up in the kdc log when I first run kpasswd:

Aug 31 12:00:06 kdc1.ourdomain.com krb5kdc[4654](info): AS_REQ
(7 etypes {18 17 16 23 1 3 2}) 192.168.2.101: NEEDED_PREAUTH:
myuser at OURREALM.COM for kadmin/changepw at OURREALM.COM, Additional
pre-authentication required

        When I type in my password, I get a response asking for my new password
and the following entry appears in the kdc log:

Aug 31 12:00:09 kdc1.ourdomain.com krb5kdc[4654](info): AS_REQ
(7 etypes {18 17 16 23 1 3 2}) 192.168.2.101: ISSUE: authtime
1093971609, etypes {rep=16 tkt=16 ses=16}, myuser at OURREALM.COM for kadmin/changepw at OURREALM.COM

        That's all that ever appears in the log.  I have the kadmin log
segregated and nothing ever shows up in that log during this
operation.  Here's what the client side looks like:

myuser at machine:~$ kpasswd
Password for myuser at OURREALM.COM:
Enter new password: :
Enter it again: :
kpasswd: Connection timed out changing password


Here's what the access control file (kadm5.acl) has:

# This file Is the access control list for krb5 administration.
# When this file is edited run /etc/init.d/krb5-admin-server restart to activate
# One common way to set up Kerberos administration is to allow any principal
# ending in /admin  is given full administrative rights.
# To enable this, uncomment the following line:
 */admin *
*/admin at OURREALM.COM   *
myuser at OURREALM.COM     cli     *
kadmin/admin at OURREALM.COM *
kadmin/changepw at OURREALM.COM   *       *


Thanks.
D.


On Mon, 30 Aug 2004 18:46:45 -0500, isfandarmad wrote:

> OK,
> 	I have set up a functioning KDC in a Debian linux environment.  I have a
> couple of machines with the kerberized ssh package, keytabs in place, and
> everything is just dandy.  I log in, get a ticket and can then ssh to
> several other machines without having to enter another password.
> 
>  	But kpasswd always fails.  I run kpasswd - it asks me for my password
>  (username at REALM) - I enter it and it asks for my new password.  After I
>  enter it (the second time) it just waits.  Eventually it times out.
> 
> 	I'm not at the office right now so I don't have the details that would
> normally be requested.  I'll post them up tomorrow.  But has anyone ever
> come across this problem?  I have googled all over and can't find anyone
> who has ever had this issue.
> 
> Detail to follow.  Thanks.
> D.
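
The symptom shown in the logs above (the KDC issues a kadmin/changepw ticket, but the kadmin log stays empty) can be checked for mechanically. This is an added example, not part of the original message: the function name, the kadmind line wording and the third KDC line are assumptions or constructed, and the post's log lines are rejoined onto one line with "@" restored.

```python
import re
from datetime import datetime, timedelta

# AS_REQ line layout as in the post, rejoined onto one line with "@" restored.
KDC_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ krb5kdc\[\d+\]\(info\): AS_REQ "
    r"\(\d+ etypes \{[\d ]+\}\) (?P<ip>[\d.]+): (?P<status>[A-Z_]+): "
    r".*?(?P<client>\S+@\S+) for (?P<service>[^\s,]+)")
# Assumption: kadmind lines share the syslog prefix and name the client IP.
KADMIND_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ kadmind\[\d+\].*?(?P<ip>\d+(?:\.\d+){3})")

PRE = " kdc1.ourdomain.com krb5kdc[4654](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) "
KDC_LOG = [  # first two entries are from the post, the third is constructed
    "Aug 31 12:00:06" + PRE + "192.168.2.101: NEEDED_PREAUTH: myuser@OURREALM.COM for "
    "kadmin/changepw@OURREALM.COM, Additional pre-authentication required",
    "Aug 31 12:00:09" + PRE + "192.168.2.101: ISSUE: authtime 1093971609, etypes "
    "{rep=16 tkt=16 ses=16}, myuser@OURREALM.COM for kadmin/changepw@OURREALM.COM",
    "Aug 31 12:05:00" + PRE + "192.168.2.102: ISSUE: authtime 1093971900, etypes "
    "{rep=16 tkt=16 ses=16}, user2@OURREALM.COM for kadmin/changepw@OURREALM.COM",
]
KADMIND_LOG = [  # constructed; real kadmind wording may differ
    "Aug 31 12:05:02 kdc1.ourdomain.com kadmind[4660](Notice): chpw request from "
    "192.168.2.102 for user2@OURREALM.COM: success",
]

def _ts(text, year):
    # Syslog timestamps carry no year, so the caller supplies it.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def unanswered_changepw(kdc_lines, kadmind_lines, window=60, year=2004):
    """Return (time, ip, client) for every kadmin/changepw ticket ISSUE with no
    kadmind log line from the same IP in the following `window` seconds."""
    seen = []
    for line in kadmind_lines:
        m = KADMIND_RE.match(line)
        if m:
            seen.append((_ts(m["ts"], year), m["ip"]))
    findings = []
    for line in kdc_lines:
        m = KDC_RE.match(line)
        if not m or m["status"] != "ISSUE":
            continue  # NEEDED_PREAUTH and unrelated lines are not ticket issues
        if not m["service"].startswith("kadmin/changepw@"):
            continue
        t, ip = _ts(m["ts"], year), m["ip"]
        limit = t + timedelta(seconds=window)
        if not any(i == ip and t <= k <= limit for k, i in seen):
            findings.append((t.isoformat(), ip, m["client"]))
    return findings
```

A non-empty result means the password-change request that should follow the ticket never produced a kadmind log entry from that client within the window.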



