Problems with kadmind, kpasswd and cross-realm authentication
Christopher D. Clausen
cclausen at acm.org
Tue Sep 4 19:19:19 EDT 2007
Anthony Brock <brocka at sterlingcgi.com> wrote:
> I have created several cross-realm trusts on a test server. At this
> point, nearly everything is working properly. However, users are
> unable to change their passwords unless their account is in the
> initial domain. Users see the following when attempting it from the
> initial domain:
>
> # kpasswd
> Password for brocka at SCGROUP.ORG:
> Enter new password:
> Enter it again:
> Password changed.
> #
>
> Unfortunately, following happens for additional domains:
>
> # kpasswd
> Password for brocka at STERLINGCGI.COM:
> Enter new password:
> Enter it again:
> Authentication error: Failed reading application request
> #
What happens if you run:
kpasswd user at REALM
and manually specify the realm name where the user account is at?
so in your case, try running:
kpasswd brocka at SCGROUP.ORG
on the above machine where you were prompted for brocka at STERLINGCGI.COM
credentials.
Additionally, are you behind a NAT when kpasswd fails?
<<CDC
More information about the Kerberos
mailing list