[Bug 826989] Re: Cannot change Kerberos password with passwd(1)

Daniel Richard G. skunk at iskunk.org
Tue Aug 16 01:15:25 UTC 2011 

Much appreciated, Russ. The only way the current stock config makes
sense to me is if Steve intended for the local Unix password to be kept
in sync with Kerberos, which isn't how things are supposed to work. (And
conversely, Kerberos plus a disabled Unix password *should* work.)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libpam-krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/826989

Title:
  Cannot change Kerberos password with passwd(1)

Status in “libpam-krb5” package in Ubuntu:
  New

Bug description:
  This concerns libpam-krb5 version 4.2-1 in Ubuntu Natty, and is a
  revisiting of an issue previously addressed in bug 334795.

      $ passwd
      Current Kerberos password: 
      passwd: Authentication token manipulation error
      passwd: password unchanged

  Previous reports I've filed described issues encountered on an Ubuntu
  installation configured to use Kerberos, LDAP and AFS, a large number
  of moving parts which tended to confuse the issue at hand. This time,
  however, I've managed to reproduce the bug on a minimal Ubuntu
  install, with libpam-krb5, and a local user (uid=1000) with the same
  name as an existing Kerberos user. The Kerberos and PAM configs are
  stock; Kerberos server information is being pulled from DNS. LDAP and
  AFS are completely out of the picture.

  I can log into the system as the Kerberos user without issue, but if I
  attempt to change the password, I get the above error. If I add the
  "debug" option to the pam_krb5 invocation in /etc/pam.d/common-
  password, and then try again, I see this in /var/log/auth.log:

  Aug 15 17:46:31 test-linux passwd[935]: pam_krb5(passwd:chauthtok): pam_sm_chauthtok: entry (0x4000)
  Aug 15 17:46:31 test-linux passwd[935]: pam_krb5(passwd:chauthtok): (user dgomez) attempting authentication as daniel at EXAMPLE.COM
  Aug 15 17:46:34 test-linux passwd[935]: pam_krb5(passwd:chauthtok): pam_sm_chauthtok: exit (success)
  Aug 15 17:46:34 test-linux passwd[935]: pam_unix(passwd:chauthtok): authentication failure; logname=daniel uid=1000 euid=0 tty= ruser= rhost=  user=daniel

  
  So, what's the deal with this error?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libpam-krb5/+bug/826989/+subscriptions

More information about the foundations-bugs mailing list