I have created several cross-realm trusts on a test server. At this point,
nearly everything is working properly. However, users are unable to change
their passwords unless their account is in the initial domain. Users see the
following when attempting it from the initial domain:

# kpasswd
Password for [EMAIL PROTECTED]:
Enter new password:
Enter it again:
Password changed.
#

Unfortunately, the following happens for additional domains:

# kpasswd
Password for [EMAIL PROTECTED]:
Enter new password:
Enter it again:
Authentication error: Failed reading application request
#

An strace of the kadmind daemon during a failed request shows the following:

Process 1123 attached - interrupt to quit
select(8, [6 7], NULL, NULL, {10, 890000}) = 0 (Timeout)
select(8, [6 7], NULL, NULL, {15, 0})   = 1 (in [7], left {12, 140000})
recvfrom(7, "\2\37\0\1\1\272n\202\1\2660\202\1\262\240\3\2\1\5\241\3"...,
1500, 0, {sa_family=AF_INET, sin_port=htons(2051),
sin_addr=inet_addr("10.0.1.7")}, [16]) = 543
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 10
connect(10, {sa_family=AF_INET, sin_port=htons(2051),
sin_addr=inet_addr("10.0.1.7")}, 16) = 0
time(NULL)                              = 1188946658
close(10)                               = 0
sendto(7, "\0\207\0\1\0\0~\1770}\240\3\2\1\5\241\3\2\1\36\244\21\30"...,
135, 0, {sa_family=AF_INET, sin_port=htons(2051),
sin_addr=inet_addr("10.0.1.7")}, 16) = 135
select(8, [6 7], NULL, NULL, {15, 0} <unfinished ...>
Process 1123 detached

Any ideas? What further information would assist in identifying the issue?
Has anyone else encountered this?

There doesn't seem to be much helpful documentation on cross-realm
authentication or how it should be set up. Thanks in advance!

Tony

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
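
As an added example (not part of the original post), the following Python decodes the two byte strings from the strace using the kpasswd message framing of RFC 3244: message length, protocol version and AP-REQ/AP-REP length, each a 16-bit big-endian field. The function names are hypothetical; the result shows that kadmind answered with a KRB-ERROR (AP-REP length zero) rather than a KRB-PRIV.

```python
import re
import struct

# Byte strings copied from the recvfrom()/sendto() lines of the strace above.
# strace truncated both, so only the leading bytes are available.
REQUEST = r"\2\37\0\1\1\272n\202\1\2660\202\1\262\240\3\2\1\5\241\3"
REPLY = r"\0\207\0\1\0\0~\1770}\240\3\2\1\5\241\3\2\1\36\244\21\30"

_ESC = re.compile(r"\\([0-7]{1,3}|x[0-9a-fA-F]{2}|.)", re.S)
_NAMED = {"n": 10, "t": 9, "r": 13, "v": 11, "f": 12}

# ASN.1 [APPLICATION n] tags of the Kerberos messages that can follow the header.
APP_TAGS = {0x6E: "AP-REQ", 0x6F: "AP-REP", 0x75: "KRB-PRIV", 0x7E: "KRB-ERROR"}


def unescape_strace(text):
    """Turn strace's C-style escaped string back into raw bytes."""
    out, pos = bytearray(), 0
    for m in _ESC.finditer(text):
        out += text[pos:m.start()].encode("latin-1")
        esc = m.group(1)
        if esc[0] in "01234567":
            out.append(int(esc, 8))          # octal escape, e.g. \272
        elif esc[0] == "x" and len(esc) == 3:
            out.append(int(esc[1:], 16))     # hex escape (strace -x)
        else:
            out.append(_NAMED.get(esc, ord(esc)))  # \n, \", \\ and so on
        pos = m.end()
    out += text[pos:].encode("latin-1")
    return bytes(out)


def parse_kpasswd(escaped, datagram_len):
    """Decode the 6-byte header; datagram_len is the syscall's return value."""
    data = unescape_strace(escaped)
    msg_len, version, ap_len = struct.unpack(">HHH", data[:6])
    tag = data[6] if len(data) > 6 else None
    return {
        "msg_len": msg_len,
        "len_ok": msg_len == datagram_len,
        "version": version,
        "ap_len": ap_len,
        "next": APP_TAGS.get(tag, "unknown"),
        # A zero AP-REP length means the body is a KRB-ERROR, not a KRB-PRIV.
        "is_error": ap_len == 0 and tag == 0x7E,
    }


if __name__ == "__main__":
    print("request:", parse_kpasswd(REQUEST, 543))
    print("reply:  ", parse_kpasswd(REPLY, 135))
```

The truncated bytes end before the error-code field of the KRB-ERROR; a capture taken with a larger `strace -s` value would include it.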
