f



kpasswd and kerberos 1.8.1

Hello all,

I use Kerberos with OpenSuSE, and i have some problems with the kpasswd
command to change the user password.

kpasswd testuser
Password for testuser@DOMAIN.PRI:
Enter new password:
Enter it again:
kpasswd: Cannot contact any KDC for requested realm changing password

But all the other kerberos functions works properly, so i think is not a
DNS problem or something similar.

Into the logs i have only this:

Mar 15 13:39:45 kerberos krb5kdc[14969](info): AS_REQ (7 etypes {18 17
16 23 1 3 2}) 192.168.87.251: ISSUE: authtime 1300192785, etypes {rep=16
tkt=16 ses=16}, testuser@DOMAIN.PRI for kadmin/changepw@DOMAIN.PRI

What can be the problem?

Cordially,

Claudio Prono.


-- 

--------------------------------------------------------------------------------
Claudio Prono                         OPST
System Developer               
                                      Gsm: +39-349-54.33.258
@PSS Srl                              Tel: +39-011-32.72.100
Via San Bernardino, 17                Fax: +39-011-32.46.497
10141 Torino - ITALY                  http://atpss.net/disclaimer
--------------------------------------------------------------------------------
PGP Key - http://keys.atpss.net/c_prono.asc




0
3/15/2011 12:44:39 PM
comp.protocols.kerberos 5541 articles. 1 followers. jwinius (31) is leader. Post Follow

0 Replies
522 Views

Similar Articles

[PageSpeed] 55

Reply:

Similar Artilces:

ssh from windows xp (putty with kerberos) using NetIDMgr 1.1.8.0 (Kerberos for windows 3.1)
Has anyone got a version of putty to work with the Kerberos for Windows release 3.1? I'm running win xp and am able to get my kerberos 5 tokens fine (from CSAIL.MIT.EDU) in NetIDMgr, but I've tried various supposedly kerberos-aware versions of putty with no luck. Thanks. -- Greg -- Greg Sullivan gregs@csail.mit.edu (617)417-4746 (cell) ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ...

plot 1, -1, 1, -1, -1
Hi, How to plot those numbers in a rectangle style? thanks x = linspace(-4*pi,4*pi,1000); y = sin(x); plot(x,sign(y)), axis([-12 12 -2 2]) PZ <patrick.zou@gmail.com> wrote in message <d64c545f-f2ac-4f87-af89-051bda896707@x6g2000vbg.googlegroups.com>... > Hi, > > How to plot those numbers in a rectangle style? > > thanks help stairs stairs([-1 1 -1 1 -1 1]) hth Jos ...

Kerberos 1.4.1
I recently upgraded to Kerberos 1.4.1 from 1.3.6 on Gentoo and found that C-Kermit 8.0.211 make xermit with flags "-DCK_AUTHENTICATION -DCK_KERBEROS -DCK_ENCRYPTION -DCK_DES -DKRB5" wouldn't compile anymore. The linker would die with with "In function `ck_auth_init':: undefined reference to `krb5_init_ets'," I googled that function and found that it was deprecated a while back, wasn't considered part of the public Kerberos API, and was removed in Kerberos 1.4. It apparently broke several Kerberos applications. While looking in the ckuath.c file, I n...

Windows Installer for Kerberos 5 release 1.7 or release 1.8
Hi, Do you have Windows installer for Kerberos 5 release 1.7 or release 1.8 Thanks Khanh Dao Software Engineer Northrop Grumman Information Systems, Inc. Defense Mission Systems Division Airbone & Maritime System (AMS) 9326 Spectrum Center Blvd., Mail Stop CA222/1138 San Diego, CA 92123 858-514-9177 Fax: 858-514-9010 ...

MIT Kerberos 1.4.1, Solaris 8, & AD SSO
I am trying to get Single-Sing-On working with the *NIX boxes on our campus network. The Windows AD is controlled by our outsourced IT group so we can't drive any requirements on it. I have my Redhat Enterprise Linux boxes authenticating correctly to the AD domain. However I've hit the wall with Solaris 8 (we have a mix of Solaris, I started with 8). I compiled and installed MIT Kerberos 1.4.1 on a new Solaris 8 2/04 system. I configured the /etc/krb5.conf for the AD domain and kinit returns a ticket (works as root or unprivileged user). I configured /etc/pam.conf for kerberos: # PAM configuration # # This file is configured to try pam_unix first, then pam_krb5 # # Authentication management # other auth sufficient /usr/lib/security/$ISA/pam_unix.so.1 other auth required /usr/lib/security/$ISA/pam_krb5.so.1 use_first_pass # # Account management # # pam_krb5 has a no-op account module, so we don't bother listing it here # other account requisite /usr/lib/security/$ISA/pam_roles.so.1 other account required /usr/lib/security/$ISA/pam_projects.so.1 other account required /usr/lib/security/$ISA/pam_unix.so.1 # # Session management # # pam_krb5 destroys any credential cache on session close, so it's good # to have it here. However, we also need pam_unix to be called, so don't # make pam_krb5 "sufficient". # other session optional /usr/lib/security/$ISA/pam_krb5.so.1 other session required /usr/lib/security/$ISA/pam_unix.so.1 # # Password manageme...

problems conpiling Kerberos 1.3.1 in in NetBSD 1.6ZK
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm trying to compile kerberos 1.3.1 in a NetBSD 1.6ZK -current. I'm getting the error: working ut_exit.e_exit in utmpx is e_exit checking consistency of sysV-ish utmp API... not ok configure: error: have setutent but no ut_id, ut_type, or ut_pid in utmp configure: error: /usr/pkg/bin/bash './configure' failed for util/pty while configuring. Do you know can I solve it? It seems like it is trying to configure for a SYSV system instead for a BSD. I had compile it fine in NetBSD 1.6.1-stable systems, but I can't get probl...

where to download 8.1.5, 8.1.6, 8.1.7?
Hello. Does anybody know where to download any of these Oracle installations: 8.1.5, 8.1.6, 8.1.7? Windows/Linux versions, doesn't matter. I can't find them at Oracle website. Thanks in advance. The keyword is here: desupported. But if you have a valid CSI you can still get them from support. You need to submit a service request though. -- Sybrand Bakker Senior Oracle DBA ...

RE: MIT Kerberos 1.4.1, Solaris 8, & AD SSO
Error code 52 is the error returned by AD indicating your UDP packet was too big, and thus it wants to do TCP. Windows puts the PAC in the ticket to provide extra authentication information. Older versions of Kerberos don't support TCP, and thus don't know what to do. -dan -----Original Message----- From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On Behalf Of Haskins, Russell Sent: Wednesday, June 29, 2005 3:56 PM To: kerberos@mit.edu Subject: MIT Kerberos 1.4.1, Solaris 8, & AD SSO I am trying to get Single-Sing-On working with the *NIX boxes on our campus network. The Windows AD is controlled by our outsourced IT group so we can't drive any requirements on it. I have my Redhat Enterprise Linux boxes authenticating correctly to the AD domain. However I've hit the wall with Solaris 8 (we have a mix of Solaris, I started with 8). I compiled and installed MIT Kerberos 1.4.1 on a new Solaris 8 2/04 system. I configured the /etc/krb5.conf for the AD domain and kinit returns a ticket (works as root or unprivileged user). I configured /etc/pam.conf for kerberos: # PAM configuration # # This file is configured to try pam_unix first, then pam_krb5 # # Authentication management # other auth sufficient /usr/lib/security/$ISA/pam_unix.so.1 other auth required /usr/lib/security/$ISA/pam_krb5.so.1 use_first_pass # # Account management # # pam_krb5 has a no-op account module, so we don't bother listing it here # other account requisite /usr...

KRB5KRB_AP_ERR_MODIFIED: MIT Kerberos 1.8.1 & arcfour-hmac-md5 session key
After upgrading to MIT Kerberos 1.8.1, I get KRB5KRB_AP_ERR_MODIFIED while trying to authenticate to certain devices; so far, a NetApp filer, and Windows hosts running BitVise WinSSHD and MS SQL Server (alll part of a Windows AD realm). Clients are OpenSSH, Samba, and FreeTDS on Solaris. The same combinations work correctly with 1.6.3. For example: ----------------------------------------------------------------------- % kinit Password for res@FOO.COM: % smbclient -k //fshome1/res session setup failed: NT_STATUS_MORE_PROCESSING_REQUIRED did you forget to run kinit? % klist -ef Ticket cache: FILE:/tmp/krb5cc_11500_aicJWR9646 Default principal: res@FOO.COM Valid starting Expires Service principal 06/02/10 03:08:15 06/02/10 13:08:16 krbtgt/FOO.COM@FOO.COM renew until 06/03/10 03:08:15, Flags: FRIA Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5 06/02/10 03:08:21 06/02/10 13:08:16 fshome1$@FOO.COM renew until 06/03/10 03:08:15, Flags: FRA ---> Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5 --------------------- # Now, put this in krb5.conf: # # [libdefaults] # default_tkt_enctypes = des-cbc-md5 des-cbc-crc % kinit Password for res@FOO.COM: % smbclient -k //fshome1/res OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] smb: \> quit % klist -ef Ticket cache: FILE:/tmp/krb5cc_11500_aicJWR9646 Default principal: res@FOO.COM Valid starting Expires ...

math changes from 1.8.1 to 1.8.2?
I've got some code that does simulated fixed-point math and things like exp(-x). I find that my simulations work fine on a Windows XP box, Pentium IV, Ruby 1.8.2. However, when I run the same exact Ruby code on my Powerbook G4 running Ruby 1.8.1 I get lots of errors from my unit tests. I suspect that what I'm doing is really stressing the floating point operations so it could just be a difference between the G4 and Pentium FPUs, but I'm also wondering if there were changes between Ruby 1.8.1 and Ruby 1.8.2 that might account for this (even changes to the way Bignum works...

readlines changed from 1.8.0 to 1.8.1?
$ cat >foo bar $ ruby-1.8.0 -e 'p IO.readlines("foo", nil)' ["bar\n"] $ ruby-1.8.1 -e 'p IO.readlines("foo", nil)' -e:1:in `readlines': Interrupt from -e:1 $ ruby-1.8.1 -v ruby 1.8.1 (2003-12-25) [i686-linux] I had to interrupt the second one. There's nothing about readlines in the ChangeLog. What happened? I know I can use File.read, but I had left IO.readlines in some places for backwards compatibility. Joel VanderWerf <vjoel@PATH.Berkeley.EDU> writes: > $ cat >foo > bar > $ ruby-1.8.0 -e 'p IO.readlines...

Kerberos 1.3.1 on HPUX ?
Hi, Has anybody successfully compiled/built Kerberos 1.3.1 on HPUX (11, 11i, 10.20) ? The HP ANSI C compiler (to be accurate, the cpp.ansi pre-processor) on my system dies with signal 11 when it tries to process aestab.c, and there is no other error message. In addition, HPUX doesn't have "inet_ntop()", and the MIT version of "inet_ntop" macro is causing error due to the incompatible data types. The error message is: cc: "dispatch.c", line 58: error 1647: Illegal integer-pointer combination for second and third operands of conditional expression (?:). I&#...

YAML on Ruby 1.8.1 and Ruby 1.8.2
I've written several programs that use YAML to store their configuration files, and I generally run them on Ruby 1.8.2. Occasionally we have a setup with a Ruby 1.8.1 or older version around and noticed that the YAML module on these older versions of Ruby behaves differently from that of 1.8.2. In particular, this YAML string: "--- :abc" produces different results from 1.8.1 and 1.8.2. Under 1.8.2, I get the expected behavior, and YAML::load("--- :abc") => :abc However, under 1.8.1: YAML:load("--- :abc") => ":abc" This totally breaks my...

Error Compile 1.8.0 and 1.8.1-pre2
I'm trying to compile they latest. But i'm getting a SEGMENTATION FAULT error. It happens on miniruby. I found a post that said to add --enable-shared. So I did and this got me to the next file libruby.so with an error saying 'Unkown nod type 0'. I tried it on 1.8.1 and got the same segementation fault on miniruby. --enabled-shared didn't help. I'll keep searching and hacking but I thought I'd put this out these to see if anyone has any ideas. thanks, -t0 p.s. I'm doing this on GoboLinux. So maybe the alternate file hiearchry is the problem, but I doubt I w...

Vuescan 8.1.23 is faster than 8.1.21but still slower than 8.1.20
I just installed and tried out 8.1.23. It is significantly faster than 8.1.21 but still takes about 45 seconds after the scan is completed before beginning to write the TIFF file. The "color..." step quickly begins counting up, but then seems to stall at about 76% until the image appears, and the TIFF writing begins. Version 8.1.20 completes the color step and begins writing the TIFF file after about 4 or 5 seconds after the scan. I'm using a Minolta Dual Scan II, win98SE. I can provide the log file if requested. Thanks! -dan c. Dan, unfortunately it's ...

ANN: RubyInstaller - Release Candidate 2
I'm pleased to announce the second Release Candidate of the latest RubyInstaller packages. For those not already familiar with RubyInstaller, these versions continue the great work started with the original One-Click Installers by providing both 1.8 and 1.9 versions of MRI Ruby for Windows. RubyInstaller now uses a different compilation tool than the legacy One-Click Installers. As a result, when combined with our optional Development Kit, it is now possible to install RubyGems that, until today, were not readily or easily available to Windows users. This release also focuses on improvi...

IO.readlines bug? (1.6.8 vs 1.8.1)
Hi all, Ruby 1.6.8 (32 bit) / 1.8.1 (64 bit) on Solaris 9 If I have a file with a single line of data in it, but no newline, I get different return values: Let's say foo.pid contains "12345" (no newline). > VERSION => "1.6.8" irb(main):002:0> IO.readlines("foo.pid") => ["12345"] irb(main):001:0> VERSION => "1.8.1" irb(main):002:0> IO.readlines("foo.pid") => [] This a bug? Regards, Dan Hi, In message "IO.readlines bug? (1.6.8 vs 1.8.1)" on 03/11/11, Daniel Berger <djberge@qwest.c...

Re: Error Compile 1.8.0 and 1.8.1-pre2
> Could you show stack trace? Sorry, I don't know much about compiling programs. How do I do what you are asking? -t0 Hi, At Wed, 12 Nov 2003 09:23:55 +0900, T. Onoma wrote: > > Could you show stack trace? > > Sorry, I don't know much about compiling programs. How do I do what you are asking? Run miniruby from gdb or run "gdb miniruby core" after segfault, and type "where" (without quotes, with return). -- Nobu Nakada Hi, At Wed, 12 Nov 2003 10:06:43 +0900, nobu.nokada@softhome.net wrote: > Run miniruby from gdb or run "gdb minirub...

tk.rb: incompatible change between 1.8.1 and 1.8.2
Hi all, The "can't dup Fixnum" error what I have mentioned in my previous post is caused by a change in tk.rb. The tk.rb in 1.8.1 has the following portion from line 657: module TkCore include TkComm extend TkComm unless self.const_defined? :INTERP if self.const_defined? :IP_NAME name = IP_NAME.to_s else name = nil #### ^^^^^^^^^^ ##################### end if self.const_defined? :IP_OPTS if IP_OPTS.kind_of?(Hash) opts = hash_kv(IP_OPTS).join(' ') else opts = IP_OPTS.to_s end else opts = &#...

Kerberos 1.9.1 locking issues
Since upgrading to 1.9.1, we are seeing a lot more locking issues. I've turned off success logging but I've still gotten "Cannot lock database" over 150 times this month on password changes. As we are in the process of having everyone change their password (over several months), I'm concerned that this is going to cause problems for us. Is anyone else seeing these kinds of issues? Are there any recommended ways to fix or help with this? thanks, ds Dave Steiner Rutgers University On Wed, 2011-06-22 at 15:09 -0400, Dave Steiner wrote: > Is anyone else seeing these kinds of issues? Are there any > recommended ways to fix or help with this? The database locking discipline is hardcoded and not configurable, but if you're able to recompile the code, simply bumping MAX_LOCK_TRIES in plugins/kdb/db2/kdb_db2.c to a larger value (from 5 to 15, say) might help. Without further analysis, I'm not sure whether your problem owes to changes in 1.9.1 and how much it's just due to increasing load. Changes to principals by kadmind requires an exclusive lock on the database, and trying five times at 1-second intervals could certainly fail if the KDC happened to have the database open for reading at five particular times. (It would be much more robust if we could get a blocking lock with a timeout. Unfortunately, I'm not aware of any good way to do that without using alarm signals, which isn't especially nice to do inside a library.) ...

lib/ruby/1.8/e2mmap.rb:51: Use Ruby 1.1 (RuntimeError)
Hi I am trying to start up my application on Windows Vista with Ruby 1.8.6 and the Oniguruma-Patch applied. It results in this error: lib/ruby/1.8/e2mmap.rb:51: Use Ruby 1.1 (RuntimeError) the full error message is: http://pastebin.com/U1T3SFK7 The app runs just fine on Linux with Ruby 1.8.6. Any hints are highly appreciated. Best Zeno -- Posted via http://www.ruby-forum.com/. It seems that lib/ruby/gems/1.8/gems/gd2-1.1.1/lib/gd2/canvas.rb:23 requires lib/ruby/1.8/matrix.rb:23 and that calls require "e2mmap.rb" and that will throw the error lib/ruby/1.8/e2mmap.rb:51: Use Ruby 1.1 (RuntimeError) is this a gd2 issue? gd2 loads just fine in irby C:\Users\zdavatz>irb irb(main):001:0> require 'rubygems' => true irb(main):002:0> require 'gd2' => true Best Zeno -- Posted via http://www.ruby-forum.com/. Ok, this issues is connected to: http://redmine.ruby-lang.org/issues/show/4156 Closing. Best Zeno -- Posted via http://www.ruby-forum.com/. ...

Ip-Address 1.1.1.1
A traceroute to 213.176.224.4 showed following results: # traceroute -In -m10 213.176.224.4 traceroute to 213.176.224.4 (213.176.224.4), 10 hops max, 38 byte packets 1 212.152.136.1 103.658 ms 99.452 ms 109.767 ms 2 212.152.151.2 99.646 ms 99.680 ms 99.821 ms 3 62.218.1.93 99.689 ms 109.665 ms 99.751 ms 4 212.152.192.182 99.762 ms 1359.690 ms 99.718 ms 5 193.203.0.72 104.398 ms 105.014 ms 109.781 ms 6 146.188.2.229 109.696 ms 109.733 ms 99.771 ms 7 146.188.14.113 119.710 ms 199.720 ms 209.720 ms 8 146.188.49.194 119.695 ms 129.663 ms 119.808 ms 9 1.1.1.1 109.731 ms 129.672 ms 119.772 ms 10 * * * 1.1.1.1? I thought that 1.0.0.0/8 is reserved by iana according to: http://www.iana.org/assignments/ipv4-address-space or do I understand something wrong here? thx Leopold In article <pan.2005.02.07.19.19.33.29091@utanet.at>, Leopold Schweighofer <leos@utanet.at> wrote: :A traceroute to 213.176.224.4 showed following results: : 8 146.188.49.194 119.695 ms 129.663 ms 119.808 ms : 9 1.1.1.1 109.731 ms 129.672 ms 119.772 ms :I thought that 1.0.0.0/8 is reserved by iana according to: :http://www.iana.org/assignments/ipv4-address-space :or do I understand something wrong here? No you are correct. It appears what has happened is that UUNet/PIPEX have a NATing device attached to them which has been set with an outside IP of 1.1.1.1. That works fine for receiving traffic, and...

Alignment of foo[1][1][1][1]
Suppose I have type 'foo' and: sizeof (foo) == 16 alignof (foo) == 2 Suppose I have type 'foo[1][1][1][1]' and: sizeof (foo[1][1][1][1]) == 16 Can: alignof (foo[1][1][1][1]) == 4 ? I'd like to think not, but is it prohibited? If I do: typedef foo bar[1][1][1][1]; bar * my_bar = malloc(sizeof *bar); foo * my_foo = (foo *) my_bar; certainly 'my_bar' points to an object whose alignment satisfies type 'foo'. But what about the other way around? typedef foo bar[1][1][1][1]; foo * my_foo = malloc(sizeof *foo); bar * my_ba...

ERROR IN EXPRESSION; -1 - (-1) not 1
The expression isn't a = 1 - (1-), but: a = -1 - (1) der <der@noemail.com> scribbled the following: > The expression isn't a = 1 - (1-), but: a = -1 - (1) Ah, that's different, then. Then the answer is: The result will be -2. You have *no* guarantees about which of -1 or (1) is evaluated first, but as they don't have side effects, you don't have to care. -- /-- Joona Palaste (palaste@cc.helsinki.fi) ---------------------------\ | Kingpriest of "The Flying Lemon Tree" G++ FR FW+ M- #108 D+ ADA N+++| | http://www.helsinki.fi/~palaste W++ B OP+ | \----------------------------------------- Finland rules! ------------/ "To doo bee doo bee doo." - Frank Sinatra ...

Web resources about - kpasswd and kerberos 1.8.1 - comp.protocols.kerberos

Kerberos (protocol) - Wikipedia, the free encyclopedia
MIT developed Kerberos to protect network services provided by Project Athena . The protocol is based on the earlier Needham-Schroeder Symmetric ...

Trekkies miss out after push to name Pluto moon 'Vulcan' fails; Kerberos and Styx chosen instead
BAD news, 'Star Trek' fans: Pluto's fourth and fifth moons have been named Kerberos and Styx, despite 'Vulcan' being the top suggestion.

Meet Pluto's smallest moons: Kerberos and Styx
Pluto's two smallest known moons have been officially named after characters associated with the underworld of Greek and Roman mythology.

Pluto's moons named Styx and Kerberos, despite vote for Vulcan
... Astronomical Union vetoed a public vote to name one of Pluto's two most recently discovered moons Vulcan and named the moons Styx and Kerberos. ...

Meet Styx and Kerberos, Pluto's newly named moons
... of new moons orbiting Pluto (at SETI's behest), it decided to do some planetoid naming, too. Today, SETI announced those names: Styx and Kerberos. ...

Microsoft Issues Emergency Patch for Kerberos Bug
The vulnerability could enable an attacker to elevate privileges. Microsoft recommends that organizations consider rebuilding their Windows domains. ...

Kerberos Productions Offers Expertise to President on the Weaponization of Outer Space
... game violence to the President and Vice-President of the United States, Sword of the Stars 1 & 2, Fort Zombie, and NorthStar developer Kerberos ...

The fourth and fifth moons of Pluto have officially been named Kerberos and Styx, respectively.
The fourth and fifth moons of Pluto have officially been named Kerberos and Styx , respectively. The Earth's moon is still named fucking "Aiden." ...

Poll For Pluto's Moons Closes, Vulcan and Kerberos Win - Geekosystem
First the SETI Institute put it up for vote, then the geeks and nerds swarmed the Internet, and now it's as certain as it can be before the International ...

Kerberos unleashed at last: Pluto’s dog-bone moon poses another mystery
NASA’s New Horizons probe has finally filled out its family portrait of Pluto and its moons – and Kerberos, the last moon to get its closeup, ...

Resources last updated: 3/10/2016 9:33:59 PM