[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Password Modification Errors
- To: heimdal-discuss@sics.se
- Subject: Password Modification Errors
- From: "Matt Proud" <matt.proud.list@gmail.com>
- Date: Fri, 22 Dec 2006 13:02:57 -0600
- DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=X1xBH1iezrxZecezXU9e5FhilIzl5HSju6vPZA8UQSh2PF/dhCu3VN55Lo2fjm5b933JKme4Ko6iyQ/pDGNDaZrII6Sb8HZBKR2pLFsxRN6ubA/4ugw3t9ASwHO40ngZ4FEM59p1VaTxpKx7UfIw/M5LgXAoOb26MqwePITkX3k=
- Sender: owner-heimdal-discuss@sics.se
Hi,
I discovered that kpasswd is not letting me change users' passwords. I
can change them fine from kadmin.
1. "kinit principal" works with the old password just fine.
2. "kpasswd" to change the password succeeds, but it takes a long time
to finish. I only have eight principals.
3. "kdestroy"
4. "kinit principal" fails with the new password but works with the old.
Here are the contents from /var/log/heimdal-kdc.log
2006-12-22T12:58:11 AS-REQ matt@IMA.UMN.EDU from IPv4:128.101.10.127
for krbtgt/IMA.UMN.EDU@IMA.UMN.EDU
2006-12-22T12:58:11 Using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2006-12-22T12:58:11 Requested flags: proxiable, forwardable
2006-12-22T12:58:11 sending 611 bytes to IPv4:128.101.10.127
2006-12-22T12:58:17 AS-REQ matt@IMA.UMN.EDU from IPv4:128.101.10.127
for krbtgt/IMA.UMN.EDU@IMA.UMN.EDU
2006-12-22T12:58:17 Using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2006-12-22T12:58:17 Requested flags: proxiable, forwardable
2006-12-22T12:58:17 sending 611 bytes to IPv4:128.101.10.127
2006-12-22T12:58:25 AS-REQ matt@IMA.UMN.EDU from IPv4:128.101.10.127
for kadmin/changepw@IMA.UMN.EDU
2006-12-22T12:58:25 No preauth found, returning PREAUTH-REQUIRED --
matt@IMA.UMN.EDU
2006-12-22T12:58:25 sending 375 bytes to IPv4:128.101.10.127
2006-12-22T12:58:25 AS-REQ matt@IMA.UMN.EDU from IPv4:128.101.10.127
for kadmin/changepw@IMA.UMN.EDU
2006-12-22T12:58:25 Looking for ENC-TS pa-data -- matt@IMA.UMN.EDU
2006-12-22T12:58:25 ENC-TS Pre-authentication succeeded -- matt@IMA.UMN.EDU
2006-12-22T12:58:25 Using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2006-12-22T12:58:25 sending 605 bytes to IPv4:128.101.10.127
2006-12-22T12:58:32 Failed processing 617 byte request from IPv4:128.101.10.127
2006-12-22T12:58:34 Failed processing 617 byte request from IPv4:128.101.10.127
2006-12-22T12:58:37 Failed processing 617 byte request from IPv4:128.101.10.127
2006-12-22T12:58:42 Failed processing 617 byte request from IPv4:128.101.10.127
2006-12-22T12:58:51 Failed processing 617 byte request from IPv4:128.101.10.127
2006-12-22T12:59:08 Failed processing 621 byte request from IPv4:128.101.10.127
2006-12-22T13:00:03 AS-REQ matt@IMA.UMN.EDU from IPv4:128.101.10.127
for krbtgt/IMA.UMN.EDU@IMA.UMN.EDU
2006-12-22T13:00:03 Using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2006-12-22T13:00:03 Requested flags: proxiable, forwardable
2006-12-22T13:00:03 sending 611 bytes to IPv4:128.101.10.127
2006-12-22T13:00:21 AS-REQ matt@IMA.UMN.EDU from IPv4:128.101.10.127
for krbtgt/IMA.UMN.EDU@IMA.UMN.EDU
2006-12-22T13:00:21 Using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2006-12-22T13:00:21 Requested flags: proxiable, forwardable
2006-12-22T13:00:21 sending 611 bytes to IPv4:128.101.10.127
What could be causing this? As far as I know, both ends are using the
same types of encryption.
Best,
Matt