> -----Original Message----- > Anthony Brock <[EMAIL PROTECTED]> wrote: > > I have created several cross-realm trusts on a test server. At this > > point, nearly everything is working properly. However, users are > > unable to change their passwords unless their account is in the > > initial domain. Users see the following when attempting it from the > > initial domain: > > > > # kpasswd > > Password for [EMAIL PROTECTED]: > > Enter new password: > > Enter it again: > > Password changed. > > # > > > > Unfortunately, following happens for additional domains: > > > > # kpasswd > > Password for [EMAIL PROTECTED]: > > Enter new password: > > Enter it again: > > Authentication error: Failed reading application request > > # > > What happens if you run: > kpasswd [EMAIL PROTECTED] > and manually specify the realm name where the user account is at? > so in your case, try running: > kpasswd [EMAIL PROTECTED] > on the above machine where you were prompted for [EMAIL PROTECTED] > credentials.
# kpasswd [EMAIL PROTECTED] Password for [EMAIL PROTECTED]: Enter new password: Enter it again: Password changed. # It works for the @SCGROUP.ORG domain (the initial realm). Here is the results of the same with the @STERLINGCGI.COM realm: # kpasswd [EMAIL PROTECTED] Password for [EMAIL PROTECTED]: Enter new password: Enter it again: Authentication error: Failed reading application request # > Additionally, are you behind a NAT when kpasswd fails? No, the entire network is on a single, private IP address range. In fact, I'm trying these particular commands on the same host that kadmind is running on. However, the behavior is identical from a remote host. Tony ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
