Hi all,

I have installed a new Kerberos server under RHEL9. Everything is working OK, 
except when I try to create users. All users are created with the "+needchange" 
flag enabled to force the user to change their own password.

At the first user login, the Kerberos server reports that the password has expired:

2024-04-19T08:38:20.946335+00:00 rhelidmsrv01 krb5kdc[21392]: AS_REQ (8 etypes 
{aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), 
aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), 
DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23), 
camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 172.19.11.14: REQUIRED 
PWCHANGE: us...@mydom.org for krbtgt/mydom....@mydom.org, Password has expired
2024-04-19T08:38:20.946413+00:00 rhelidmsrv01 krb5kdc[21392]: closing down fd 13
2024-04-19T08:38:20.946712+00:00 rhelidmsrv01 krb5kdc[21392]: AS_REQ (8 etypes 
{aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), 
aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), 
DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23), 
camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 172.19.11.14: 
NEEDED_PREAUTH: us...@mydom.org for kadmin/chang...@mydom.org, Additional 
pre-authentication required
2024-04-19T08:38:20.946747+00:00 rhelidmsrv01 krb5kdc[21392]: closing down fd 13
2024-04-19T08:38:20.950691+00:00 rhelidmsrv01 krb5kdc[21392]: AS_REQ (8 etypes 
{aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), 
aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), 
DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23), 
camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 172.19.11.14: ISSUE: 
authtime 1713515900, etypes {rep=aes256-cts-hmac-sha1-96(18), 
tkt=aes256-cts-hmac-sha384-192(20), ses=aes256-cts-hmac-sha1-96(18)}, 
us...@mydom.org for kadmin/chang...@mydom.org

But on the client side, the user can log in without problems and no password change 
is requested.

Any ideas? Maybe I need to reconfigure something on the server side?

Best regards,
C. L. Martinez
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
