This is what I get now a=in the krb5_child.log after setting the debug_level

Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [unpack_buffer]
(0x0100): ccname: [FILE:/tmp/krb5cc_710600001_XXXXXX] keytab:
[/etc/krb5.keytab]
(Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
from environment.
(Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
environment.
(Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]]
[set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
(Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [k5c_setup_fast]
(0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/
qa-dummy-int.test....@test.com)]
(Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [match_principal]
(0x1000): Principal matched to the sample (host/
qa-dummy-int.test....@test.com).
(Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [check_fast_ccache]
(0x0200): FAST TGT is still valid.
(Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [main] (0x0400):
Will perform password change
(Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [changepw_child]
(0x1000): Password change operation
(Mon Jan 12 09:51:14 2015) [[sssd[krb5_child[21709]]]] [changepw_child]
(0x0400): Attempting kinit for realm [TEST.COM]



On Mon, Jan 12, 2015 at 2:31 PM, Lukas Slebodnik <lsleb...@redhat.com>
wrote:

> On (12/01/15 14:12), Rakesh Rajasekharan wrote:
> >The sssd version is 1.11.6
> >
> >The password does not get changed, whatever password gets generated by ipa
> >user-mod --random stays valid even after attempting the change.
> >
> >krb5_child.log does not have any contents.
> The logging in sssd is dibsabled by default. You need to increase level of
> verbosity.
>
> Put debug_level = 7 into domain section and restart sssd.
> It is also possible to change debug level on the fly with comand line
> utility
> sss_debuglevel (part of pacakge sssd-tools)
>
> LS
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to