Kerberos and round robin login nodes

Suvendra Nath Dutta suvendra_dutta at harvard.edu
Wed Jun 4 14:08:08 EDT 2008 

We have two machine for users to log into, they round robin to the same
name. One one I am able to change password fine:
[sdutta at login2 ~]$ passwd
Changing password for user sdutta.
Kerberos 5 Password:
New UNIX password: 
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[sdutta at login2 ~]$ 

On the other machine I get:
[sdutta at hlogin1 ~]$ passwd
Changing password for user sdutta.
Kerberos 5 Password:
Kerberos 5 Password:
New UNIX password: 
Retype new UNIX password:
passwd: Authentication token manipulation error
[sdutta at login1 ~]$ 


The server says (in the first case):
Jun 04 13:59:03 sm1.local krb5kdc[1494](info): AS_REQ (7 etypes {18 17 16 23
1 3 2}) 10.24.4.15: ISSUE: authtime 1212602343, etypes {rep=16 tkt=16
ses=16}, sdutta at LOCAL for kadmin/changepw at LOCAL
Jun 04 13:59:03 sm1.local krb5kdc[1494](info): AS_REQ (7 etypes {18 17 16 23
1 3 2}) 10.24.4.15: ISSUE: authtime 1212602343, etypes {rep=16 tkt=16
ses=16}, sdutta at LOCAL for kadmin/changepw at LOCAL
Jun 04 13:59:06 sm1.local krb5kdc[1494](info): AS_REQ (7 etypes {18 17 16 23
1 3 2}) 10.24.4.15: ISSUE: authtime 1212602346, etypes {rep=16 tkt=16
ses=16}, sdutta at LOCAL for kadmin/changepw at LOCAL
Jun 04 13:59:06 sm1.local krb5kdc[1494](info): AS_REQ (7 etypes {18 17 16 23
1 3 2}) 10.24.4.15: ISSUE: authtime 1212602346, etypes {rep=16 tkt=16
ses=16}, sdutta at LOCAL for kadmin/changepw at LOCAL
Jun 04 13:59:10 m1.local krb5kdc[1494](info): AS_REQ (7 etypes {18 17 16 23
1 3 2}) 10.24.4.15: ISSUE: authtime 1212602350, etypes {rep=16 tkt=16
ses=16}, sdutta at LOCAL for krbtgt/LOCAL at LOCAL
Jun 04 13:59:10 m1.local krb5kdc[1494](info): AS_REQ (7 etypes {18 17 16 23
1 3 2}) 10.24.4.15: ISSUE: authtime 1212602350, etypes {rep=16 tkt=16
ses=16}, sdutta at LOCAL for krbtgt/LOCAL at LOCAL


And in the second case:
Jun 04 14:01:27 sm1.local krb5kdc[1494](info): AS_REQ (7 etypes {18 17 16 23
1 3 2}) 10.24.4.14: ISSUE: authtime 1212602487, etypes {rep=16 tkt=16
ses=16}, sdutta at LOCAL for kadmin/changepw at LOCAL
Jun 04 14:01:27 sm1.local krb5kdc[1494](info): AS_REQ (7 etypes {18 17 16 23
1 3 2}) 10.24.4.14: ISSUE: authtime 1212602487, etypes {rep=16 tkt=16
ses=16}, sdutta at LOCAL for kadmin/changepw at LOCAL
Jun 04 14:01:29 sm1.local krb5kdc[1494](info): AS_REQ (7 etypes {18 17 16 23
1 3 2}) 10.24.4.14: ISSUE: authtime 1212602489, etypes {rep=16 tkt=16
ses=16}, sdutta at LOCAL for kadmin/changepw at LOCAL
Jun 04 14:01:29 sm1.local krb5kdc[1494](info): AS_REQ (7 etypes {18 17 16 23
1 3 2}) 10.24.4.14: ISSUE: authtime 1212602489, etypes {rep=16 tkt=16
ses=16}, sdutta at LOCAL for kadmin/changepw at LOCAL
Jun 04 14:01:29 sm1.local krb5kdc[1494](info): DISPATCH: repeated
(retransmitted?) request from 10.24.4.14, resending previous response
Jun 04 14:01:29 sm1.local krb5kdc[1494](info): DISPATCH: repeated
(retransmitted?) request from 10.24.4.14, resending previous response
Jun 04 14:01:32 sm1.local krb5kdc[1494](info): AS_REQ (7 etypes {18 17 16 23
1 3 2}) 10.24.4.14: ISSUE: authtime 1212602492, etypes {rep=16 tkt=16
ses=16}, sdutta at LOCAL for kadmin/changepw at LOCAL
Jun 04 14:01:32 sm1.local krb5kdc[1494](info): AS_REQ (7 etypes {18 17 16 23
1 3 2}) 10.24.4.14: ISSUE: authtime 1212602492, etypes {rep=16 tkt=16
ses=16}, sdutta at LOCAL for kadmin/changepw at LOCAL


Any ideas what might be going on here/

Thanks very much.

More information about the Kerberos mailing list