[Bug 715765] Re: Can't change kerberos password

Andreas Hasenack andreas at canonical.com
Mon May 1 19:27:56 UTC 2017 

I tried with xenial (krb5 1.13.2+dfsg-5ubuntu2) and precise (krb5
1.10+dfsg~beta1-2ubuntu0.7) and kpasswd worked in both cases when having
the principal created with the preauth flag (it was hinted this could
have been the problem).

This is on precise (1.10):
kadmin.local:  addprinc +requires_preauth ubuntu
WARNING: no policy specified for ubuntu at PRECISE; defaulting to no policy
Enter password for principal "ubuntu at PRECISE": 
Re-enter password for principal "ubuntu at PRECISE": 
Principal "ubuntu at PRECISE" created.


Client (also precise, 1.10):
ubuntu at precise-krb5-client:~$ kinit
Password for ubuntu at PRECISE: 

ubuntu at precise-krb5-client:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: ubuntu at PRECISE

Valid starting    Expires           Service principal
01/05/2017 19:22  02/05/2017 05:22  krbtgt/PRECISE at PRECISE
	renew until 02/05/2017 19:22

ubuntu at precise-krb5-client:~$ kpasswd
Password for ubuntu at PRECISE: 
Enter new password: 
Enter it again: 
Password changed.

ubuntu at precise-krb5-client:~$ klist -f5
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: ubuntu at PRECISE

Valid starting    Expires           Service principal
01/05/2017 19:22  02/05/2017 05:22  krbtgt/PRECISE at PRECISE
	renew until 02/05/2017 19:22, Flags: FPRIA

Server log:
May  1 19:22:19 precise-krb5-server krb5kdc[5357]: AS_REQ (4 etypes {18 17 16 23}) 10.0.100.232: NEEDED_PREAUTH: ubuntu at PRECISE for krbtgt/PRECISE at PRECISE, Additional pre-authentication required
May  1 19:22:20 precise-krb5-server krb5kdc[5357]: AS_REQ (4 etypes {18 17 16 23}) 10.0.100.232: ISSUE: authtime 1493666540, etypes {rep=18 tkt=18 ses=18}, ubuntu at PRECISE for krbtgt/PRECISE at PRECISE
May  1 19:22:25 precise-krb5-server krb5kdc[5357]: AS_REQ (4 etypes {18 17 16 23}) 10.0.100.232: NEEDED_PREAUTH: ubuntu at PRECISE for kadmin/changepw at PRECISE, Additional pre-authentication required
May  1 19:22:27 precise-krb5-server krb5kdc[5357]: AS_REQ (4 etypes {18 17 16 23}) 10.0.100.232: ISSUE: authtime 1493666547, etypes {rep=18 tkt=18 ses=18}, ubuntu at PRECISE for kadmin/changepw at PRECISE
May  1 19:22:33 precise-krb5-server kadmind[5361]: chpw request from 10.0.100.232 for ubuntu at PRECISE: success


This is an old bug, I'll mark it as incomplete so that it expires if there are no further comments.

** Changed in: krb5 (Ubuntu)
       Status: Triaged => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/715765

Title:
  Can't change kerberos password

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715765/+subscriptions

More information about the Ubuntu-server-bugs mailing list