kpasswd and kerberos 1.8.1
Brian Candler
B.Candler at pobox.com
Tue Mar 15 13:32:09 EDT 2011
On Tue, Mar 15, 2011 at 11:21:28AM -0400, Greg Hudson wrote:
> There are two steps involved in changing a Kerberos password. First,
> you request a kadmin/changepw ticket from the KDC using your old
> password; then, you send your new password to the kpasswd service,
> authenticated with the kadmin/changepw ticket.
>
> Based on your KDC logs, the first step is succeeding--at least, from the
> KDC's point of view. The second step is not, suggesting that the client
> has the wrong information for the kpasswd service, or that kadmind isn't
> running (the kpasswd service is normally implemented as part of
> kadmind).
And also: I believe that the kadmin service can't be located from DNS
information (not yet anyway). You have to configure it explicitly in
/etc/krb5.conf.
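
Added example, not part of the original message: a small Python check that reads the [realms] section of a krb5.conf and reports, per realm, which host and port are explicitly configured for password changes. The sample file, realm names and host names are constructed and the function names are hypothetical; the fallback to port 464 on the admin_server host follows the krb5.conf documentation for kpasswd_server.

```python
import re

# Constructed sample krb5.conf; realm and host names are placeholders.
SAMPLE_KRB5_CONF = """\
[realms]
    EXAMPLE.COM = {
        kdc = kdc1.example.com
        admin_server = kdc1.example.com
    }
    LAB.EXAMPLE.COM = {
        kdc = kdc.lab.example.com
    }
    CORP.EXAMPLE.COM = {
        admin_server = kadmin.corp.example.com:749
        kpasswd_server = kpw.corp.example.com
    }
"""

def parse_realms(text):
    """Return {realm: {relation: [values]}} from the [realms] section."""
    realms, section, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section, current = m.group(1), None
        elif section == "realms" and line.startswith("}"):
            current = None
        elif section == "realms" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                current = realms.setdefault(key, {})
            elif current is not None:
                current.setdefault(key, []).append(value)
    return realms

def configured_kpasswd_target(rel):
    """host:port configured for password changes, or None if unset.
    Assumes host names or IPv4 addresses (no bracketed IPv6)."""
    if "kpasswd_server" in rel:
        host = rel["kpasswd_server"][0]
        return host if ":" in host else host + ":464"
    if "admin_server" in rel:
        # Documented fallback: port 464 on the admin_server host.
        return rel["admin_server"][0].split(":")[0] + ":464"
    return None

def audit(text):
    return {r: configured_kpasswd_target(rel) for r, rel in parse_realms(text).items()}
```

A realm that maps to None has neither relation set, which matches the situation the reply describes: the client has no explicit configuration for the kpasswd service.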