Bug 130950
Summary: | Cannot change kerberos passwords under FC2, works with RH9 | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jason Tibbitts <j> | ||||||||
Component: | pam_krb5 | Assignee: | Nalin Dahyabhai <nalin> | ||||||||
Status: | CLOSED RAWHIDE | QA Contact: | Brian Brock <bbrock> | ||||||||
Severity: | medium | Docs Contact: | |||||||||
Priority: | medium | ||||||||||
Version: | 2 | CC: | redhat-bugzilla | ||||||||
Target Milestone: | --- | ||||||||||
Target Release: | --- | ||||||||||
Hardware: | All | ||||||||||
OS: | Linux | ||||||||||
Whiteboard: | |||||||||||
Fixed In Version: | 2.1.2-1 | Doc Type: | Bug Fix | ||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | Environment: | ||||||||||
Last Closed: | 2004-08-31 14:49:49 UTC | Type: | --- | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Attachments: |
|
Description
Jason Tibbitts
2004-08-25 23:12:44 UTC
Created attachment 103108 [details]
Log from working RH9 machine
Created attachment 103109 [details]
Log from FC2 machine failing to allow a password change
Just tried 2.1.1; it fails in the same manner. Also note that the kerberos server is running FC2 (krb-server-1.3.3-7). pam_krb5 is misinterpreting the 'use_authtok' keyword to also mean 'use_first_pass'. I pulled a copy of pam_krb5 from CVS and noticed you made some very
recent changes, so I hacked together an RPM and installed it on a test
machine.
Things seem to work much better now:
> passwd
Changing password for user tibbs.
Kerberos 5 Password:
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
It's odd that it's asking for "UNIX password", but I'll take it.
There is still an instance of
krb5_get_init_creds_password(kadmin/changepw.EDU) returned 5
(Input/output error)
in the logs; I'll attach a complete log from a successful password change.
Created attachment 103149 [details]
Log from successful password change
Wow, and I hadn't made a release yet. Thanks! The input/output error is typically going to be caused by an empty password being set either by the application or a previous module, though I don't know how one would have been set in your configuration. The pam_cracklib module is prompting for the new password. You can use the "type=" argument to change "UNIX" to whatever you like (or just "type=" to remove it). |