Description of problem: Taken from email: > ipa-passwd > - how is this different from kpasswd and when should we use one or the > other? > > - I tried this logged in as jsmith: > [redhat@darwin sbin]$ klist > Ticket cache: FILE:/tmp/krb5cc_500 > Default principal: jsmith > > Valid starting Expires Service principal > 01/23/08 17:50:34 01/24/08 17:50:30 krbtgt/AUSTRALIA.COM > 01/23/08 17:51:06 01/24/08 17:50:30 > HTTP/darwin.australia.com > > Kerberos 4 ticket cache: /tmp/tkt500 > klist: You have no tickets cached > [redhat@darwin sbin]$ ./ipa-passwd jsmith > Changing password for jsmith > New Password: > Confirm Password: > A database error occurred: Insufficient access: Insufficient access rights > > Does ipa-passwd only work for admin? > ipa-passwd talks XML-RPC. kpasswd talks to the KDC directly. They are probably interchangable. ipa-passwd should let you change your own password. Can you file a bug on this? We did a bunch of ACL changes after the initial development and it looks like the screws were turned a little too tight. Version-Release number of selected component (if applicable): ipa-server-0.6.0-2 How reproducible: Always?