Edward Irvine <[EMAIL PROTECTED]> wrote: > Has anyone else had trouble changing passwords from a Solaris client? > > I'm using the Solaris 10 version of kpasswd: > > /bin/kpasswd unsername > kpasswd: Changing password for [EMAIL PROTECTED] > Old password: <secrret> > kpasswd: Cannot establis a session with the Kerberos administrative > server for realm EXAMPLE.COM. Database error! Required KADM5 > principal missing. > > This works fine when I use the MIT Kerberos version of kpasswd.
See: http://docs.sun.com/app/docs/doc/816-5174/krb5.conf-4?a=view krb5.conf -> kpasswd_protocol option: Identifies the protocol to be used when communicating with the server indicated by kpasswd_server. By default, this parameter is defined to be RPCSEC_GSS, which is the protocol used by Solaris-based administration servers. To be able to change a principal's password stored on non-Solaris Kerberos server, such as Microsoft Active Directory or MIT Kerberos, this value should be SET_CHANGE. This indicates that a non-RPC- based protocol is used to communicate the password change request to the server in the kpasswd_server entry. <<CDC ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos