kpasswd responds with Server error: Failed decrypting request

drjlove@gmail.com drjlove at gmail.com
Mon Sep 24 04:50:27 EDT 2007


Hello Michael

Thanks very very much for that reference. I removed the reference to
the IPv6 address from my hosts file and it worked perfectly.

Jamie

On Sep 24, 5:48 pm, Michael Calmer <m... at suse.de> wrote:
> Hi,
>
> Your problem may be IPv6. I saw the same.
>
> See also http://krbdev.mit.edu/rt/Ticket/Display.html?id=5595
>
> On Monday, 24 September 2007, drjl... at gmail.com wrote:
>
> > Hi all,
>
> > I am unable to use kpasswd to change a kerberos principal's password.
>
> > For the first time I'm setting up a LDAP+Kerberos system. I have set
> > everything up on a single (linux/Fedora) machine with openldap and the
> > MIT (I believe) KRB5 packages.
>
> > I have set up the system hosting kerberos/ldap such that as a unix
> > user listed in /etc/passwd I can log into the machine, and be also
> > authenticated to kerberos, and such that 'ldapwhoami' also works.
> > Kerberos is doing the authentication (in my shadow password file I
> > have *K* in the password field, so I know I'm not getting in by the
> > standard unix access).
>
> > When I log in to the machine I can do the following:
>
> > $ ssh 10.0.1.102
> > ja... at 10.0.1.102's password:
> > Last login: Mon Sep 24 15:30:53 2007 from 10.8.0.6
> > [jamiel at janeiro ~]$ klist
> > Ticket cache: FILE:/tmp/krb5cc_505_d6jBsX
> > Default principal: ja... at aviarc.com.au
>
> > Valid starting     Expires            Service principal
> > 09/24/07 16:07:17  09/25/07 02:07:17  krbtgt/example.... at example.com
> >         renew until 09/24/07 16:07:17
>
> > Kerberos 4 ticket cache: /tmp/tkt505
> > klist: You have no tickets cached
> > [jamie at janeiro ~]$ ldapwhoami -h janeiro
> > SASL/GSSAPI authentication started
> > SASL username: ja... at aviarc.com.au
> > SASL SSF: 56
> > SASL installing layers
> > dn:uid=jamie,ou=people,dc=example,dc=com
> > Result: Success (0)
> > [jamie at janeiro ~]$
>
> > I can do a ldapsearch and see all the data in the ldap directory (as
> > an aside, ldap commands require the -h option for the host for some
> > reason but I assume that is an ldap, not a kerberos problem)
>
> > So I'm quite happy with this, but I want to change my password, so I
> > do:
>
> > [jamie at janeiro ~]$ kpasswd
> > Password for ja... at example.com
> > Enter new password:
> > Enter it again:
> > Server error: Failed decrypting request
> > [jamie at janeiro ~]$
>
> > This is my problem. I have no idea why this error occurs. The log
> > says:
>
> > Sep 24 16:11:07 janeiro.example.com krb5kdc[7796](info): AS_REQ (7
> > etypes {18 17 16 23 1 3 2}) 10.0.1.102: ISSUE: authtime 1190614267,
> > etypes {rep=16 tkt=16 ses=16}, ja... at example.com for kadmin/
> > chang... at example.com
> > Sep 24 16:11:07 janeiro.example.com krb5kdc[7796](info): AS_REQ (7
> > etypes {18 17 16 23 1 3 2}) 10.0.1.102: ISSUE: authtime 1190614267,
> > etypes {rep=16 tkt=16 ses=16}, ja... at example.com for kadmin/
> > chang... at example.com
>
> > (there are two lines in the log file).
>
> > My principals in kerberos are:
>
> > kadmin:  listprincs
> > K... at example.com
> > jamie/ad... at example.com
> > ja... at example.com
> > kadmin/ad... at example.com
> > kadmin/chang... at example.com
> > kadmin/hist... at example.com
> > kadmin/janeiro.example.... at example.com
> > krbtgt/example.... at example.com
> > ldap/janeiro.example.... at example.com
>
> > Using kadmin (or kadmin.local) I can change the password for
> > principals.
>
> > Does anyone have any ideas?
>
> > ________________________________________________
> > Kerberos mailing list           Kerbe... at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
>
> --
> Best regards
>
>         Michael Calmer
>
> --------------------------------------------------------------------------
> Michael Calmer
> SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
> T: +49 (0) 911 74053 0
> F: +49 (0) 911 74053575  - e-mail: Michael.Cal... at suse.com
> --------------------------------------------------------------------------
> SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
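
The fix reported in this thread was removing the host's IPv6 entry from the hosts file. The following Python check is an added example, not part of the original messages: it lists names that a hosts file binds to both an IPv4 and an IPv6 address. The sample file content, including the `::1` line for janeiro.example.com, is constructed; the thread does not show the actual file.

```python
import ipaddress

# Constructed sample for illustration; on a real host read /etc/hosts instead.
SAMPLE_HOSTS = """\
127.0.0.1    localhost localhost.localdomain
::1          localhost6 janeiro.example.com janeiro   # IPv6 entry
10.0.1.102   janeiro.example.com janeiro
fe80::1%eth0 gateway
not-an-address janeiro
"""


def parse_hosts(text):
    """Yield (ip, names) for every well-formed hosts line; skip the rest."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            # Drop an IPv6 zone id ("%eth0") before parsing the address.
            ip = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            continue
        yield ip, [n.lower() for n in fields[1:]]


def addresses_for(text, name):
    """Return {4: [...], 6: [...]} with the addresses the file gives `name`."""
    found = {4: [], 6: []}
    for ip, names in parse_hosts(text):
        if name.lower() in names and str(ip) not in found[ip.version]:
            found[ip.version].append(str(ip))
    return found


def ipv6_mapped_names(text):
    """Return sorted names bound to an IPv6 address and also to an IPv4 one."""
    v4, v6 = set(), set()
    for ip, names in parse_hosts(text):
        (v6 if ip.version == 6 else v4).update(names)
    return sorted(v4 & v6)


if __name__ == "__main__":
    for name in ipv6_mapped_names(SAMPLE_HOSTS):
        print(name, addresses_for(SAMPLE_HOSTS, name))
```

Run against the real hosts file on the KDC and on the client, any name it reports is a candidate for the kind of IPv6 entry that was removed here.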




