Hello,

I've upgraded a FreeIPA server to RHEL 6.2 (from 6.1), putting me at version
2.1.3-9. Since the upgrade, I haven't been able to change any existing
passwords; all I get is an "Authentication token manipulation error".
Newly-created accounts don't have this problem. I /can/ log in using my existing
password, but one user's password is expired and that user is effectively
locked out until I can figure this out. Any ideas?

Best,
Ian


-bash-4.1$ whoami
ian

-bash-4.1$ passwd
Changing password for user ian.
Current Password: 
New password: 
Retype new password: 
Password change failed. Server message: Password change failed
passwd: Authentication token manipulation error


krb5kdc.log:

krb5kdc[1558](info): AS_REQ (4 etypes {18 17 16 23}) 10.0.10.54: 
NEEDED_PREAUTH: [email protected] for kadmin/[email protected], Additional 
pre-authentication required
krb5kdc[1558](info): AS_REQ (4 etypes {18 17 16 23}) 10.0.10.54: ISSUE: 
authtime 1325719595, etypes {rep=18 tkt=18 ses=18}, [email protected] for 
kadmin/[email protected]
krb5kdc[1558](info): AS_REQ (4 etypes {18 17 16 23}) 10.0.10.54: 
NEEDED_PREAUTH: kadmin/[email protected] for krbtgt/[email protected], 
Additional pre-authentication required
krb5kdc[1558](info): AS_REQ (4 etypes {18 17 16 23}) 10.0.10.54: ISSUE: 
authtime 1325719595, etypes {rep=18 tkt=18 ses=18}, kadmin/[email protected] 
for krbtgt/[email protected]
krb5kdc[1558](info): TGS_REQ (4 etypes {18 17 16 23}) 10.0.10.54: ISSUE: 
authtime 1325719595, etypes {rep=18 tkt=18 ses=18}, kadmin/[email protected] 
for ldap/[email protected]

messages:

passwd: pam_sss(passwd:chauthtok): system info: [Generic error (see e-text)]
passwd: pam_sss(passwd:chauthtok): User info message: Password change failed. 
Server message: Password change failed
passwd: pam_sss(passwd:chauthtok): Password change failed for user ian: 20 
(Authentication token manipulation error)



_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users