[Bug 826989] [NEW] Cannot change Kerberos password with passwd(1)
Daniel Richard G.
skunk at iskunk.org
Mon Aug 15 21:54:48 UTC 2011
Public bug reported:
This concerns libpam-krb5 version 4.2-1 in Ubuntu Natty, and is a
revisiting of an issue previously addressed in bug 334795.
$ passwd
Current Kerberos password:
passwd: Authentication token manipulation error
passwd: password unchanged
Previous reports I've filed described issues encountered on an Ubuntu
installation configured to use Kerberos, LDAP and AFS, a large number of
moving parts which tended to confuse the issue at hand. This time,
however, I've managed to reproduce the bug on a minimal Ubuntu install,
with libpam-krb5, and a local user (uid=1000) with the same name as an
existing Kerberos user. The Kerberos and PAM configs are stock; Kerberos
server information is being pulled from DNS. LDAP and AFS are completely
out of the picture.
I can log into the system as the Kerberos user without issue, but if I
attempt to change the password, I get the above error. If I add the
"debug" option to the pam_krb5 invocation in /etc/pam.d/common-password,
and then try again, I see this in /var/log/auth.log:
Aug 15 17:46:31 test-linux passwd[935]: pam_krb5(passwd:chauthtok): pam_sm_chauthtok: entry (0x4000)
Aug 15 17:46:31 test-linux passwd[935]: pam_krb5(passwd:chauthtok): (user dgomez) attempting authentication as daniel at EXAMPLE.COM
Aug 15 17:46:34 test-linux passwd[935]: pam_krb5(passwd:chauthtok): pam_sm_chauthtok: exit (success)
Aug 15 17:46:34 test-linux passwd[935]: pam_unix(passwd:chauthtok): authentication failure; logname=daniel uid=1000 euid=0 tty= ruser= rhost= user=daniel
So, what's the deal with this error?
** Affects: libpam-krb5 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libpam-krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/826989
Title:
Cannot change Kerberos password with passwd(1)
Status in “libpam-krb5” package in Ubuntu:
New
Bug description:
This concerns libpam-krb5 version 4.2-1 in Ubuntu Natty, and is a
revisiting of an issue previously addressed in bug 334795.
$ passwd
Current Kerberos password:
passwd: Authentication token manipulation error
passwd: password unchanged
Previous reports I've filed described issues encountered on an Ubuntu
installation configured to use Kerberos, LDAP and AFS, a large number
of moving parts which tended to confuse the issue at hand. This time,
however, I've managed to reproduce the bug on a minimal Ubuntu
install, with libpam-krb5, and a local user (uid=1000) with the same
name as an existing Kerberos user. The Kerberos and PAM configs are
stock; Kerberos server information is being pulled from DNS. LDAP and
AFS are completely out of the picture.
I can log into the system as the Kerberos user without issue, but if I
attempt to change the password, I get the above error. If I add the
"debug" option to the pam_krb5 invocation in /etc/pam.d/common-
password, and then try again, I see this in /var/log/auth.log:
Aug 15 17:46:31 test-linux passwd[935]: pam_krb5(passwd:chauthtok): pam_sm_chauthtok: entry (0x4000)
Aug 15 17:46:31 test-linux passwd[935]: pam_krb5(passwd:chauthtok): (user dgomez) attempting authentication as daniel at EXAMPLE.COM
Aug 15 17:46:34 test-linux passwd[935]: pam_krb5(passwd:chauthtok): pam_sm_chauthtok: exit (success)
Aug 15 17:46:34 test-linux passwd[935]: pam_unix(passwd:chauthtok): authentication failure; logname=daniel uid=1000 euid=0 tty= ruser= rhost= user=daniel
So, what's the deal with this error?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libpam-krb5/+bug/826989/+subscriptions
More information about the foundations-bugs
mailing list