This appears to be a failure of the password change mechanism to fail say the password is either too short or not complex enough.
regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________________ From: Martin Kosek [[email protected]] Sent: Tuesday, 31 July 2012 7:12 p.m. To: Steven Jones Cc: [email protected] Subject: Re: [Freeipa-users] resetting an admin account. On 07/27/2012 12:48 AM, Steven Jones wrote: > I have tried to reset my admin password (admjonesst1) using the admin account > toa temp password, > > So I run a kinit admjonesst1 to reset it to a perm one and I get, > > ======== > [jonesst1@8kxl72s ~]$ kinit admjonesst1 > Password for [email protected]: > Password expired. You must change it now. > Enter new password: > Enter it again: > kinit: Cannot contact any KDC for requested realm while getting initial > credentials > [jonesst1@8kxl72s ~]$ kinit admjonesst1 > Password for [email protected]: > Password expired. You must change it now. > Enter new password: > Enter it again: > kinit: Cannot contact any KDC for requested realm while getting initial > credentials > [jonesst1@8kxl72s ~]$ > ======== > Would a kinit with a trace turned on show anything interesting? # KRB5_TRACE=/dev/stdout kinit admjonesst1 It may get us closer to the root cause of this issue. Martin _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
