If I put the adm account into a user group and ssh in I can set a password,
==== [jonesst1@8kxl72s ~]$ ssh -l admjonesst1 localhost -p22 admjonesst1@localhost's password: Password expired. Change your password now. Creating home directory for admjonesst1. WARNING: Your password has expired. You must change your password now and login again! Changing password for user admjonesst1. Current Password: New password: Retype new password: passwd: all authentication tokens updated successfully. Connection to localhost closed. [jonesst1@8kxl72s ~]$ ssh -l admjonesst1 localhost -p22 admjonesst1@localhost's password: Last login: Fri Jul 27 11:03:37 2012 from 127.0.0.1 [admjonesst1@8kxl72s ~]$ ==== regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________________ From: [email protected] [[email protected]] on behalf of Steven Jones [[email protected]] Sent: Friday, 27 July 2012 10:48 a.m. Cc: [email protected] Subject: [Freeipa-users] resetting an admin account. I have tried to reset my admin password (admjonesst1) using the admin account toa temp password, So I run a kinit admjonesst1 to reset it to a perm one and I get, ======== [jonesst1@8kxl72s ~]$ kinit admjonesst1 Password for [email protected]: Password expired. You must change it now. Enter new password: Enter it again: kinit: Cannot contact any KDC for requested realm while getting initial credentials [jonesst1@8kxl72s ~]$ kinit admjonesst1 Password for [email protected]: Password expired. You must change it now. Enter new password: Enter it again: kinit: Cannot contact any KDC for requested realm while getting initial credentials [jonesst1@8kxl72s ~]$ ======== The krb log says, ======= Jul 27 10:44:03 vuwunicoipam002.ods.vuw.ac.nz krb5kdc[4102](info): AS_REQ (4 etypes {18 17 16 23}) 130.195.245.249: CLIENT KEY EXPIRED: [email protected] for krbtgt/[email protected], Password has expired Jul 27 10:44:03 vuwunicoipam002.ods.vuw.ac.nz krb5kdc[4102](info): AS_REQ (4 etypes {18 17 16 23}) 130.195.245.249: NEEDED_PREAUTH: [email protected] for kadmin/[email protected], Additional pre-authentication required Jul 27 10:44:11 vuwunicoipam002.ods.vuw.ac.nz krb5kdc[4102](info): AS_REQ (4 etypes {18 17 16 23}) 130.195.245.249: ISSUE: authtime 1343342651, etypes {rep=18 tkt=18 ses=18}, [email protected] for kadmin/[email protected] Jul 27 10:44:41 vuwunicoipam002.ods.vuw.ac.nz krb5kdc[4102](info): AS_REQ (4 etypes {18 17 16 23}) 130.195.245.249: CLIENT KEY EXPIRED: [email protected] for krbtgt/[email protected], Password has expired Jul 27 10:44:41 vuwunicoipam002.ods.vuw.ac.nz krb5kdc[4102](info): AS_REQ (4 etypes {18 17 16 23}) 130.195.245.249: NEEDED_PREAUTH: [email protected] for kadmin/[email protected], Additional pre-authentication required Jul 27 10:44:46 vuwunicoipam002.ods.vuw.ac.nz krb5kdc[4102](info): AS_REQ (4 etypes {18 17 16 23}) 130.195.245.249: ISSUE: authtime 1343342686, etypes {rep=18 tkt=18 ses=18}, [email protected] for kadmin/[email protected] ======= Any idea what's going on here pls? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
