
When I try to reset an LDAP user's password from a client machine, I get the following error:

$ passwd
Changing password for user demo.
Current Password:
New password:
Retype new password:
passwd: Authentication token manipulation error

From /var/log/secure:

 May 31 15:49:31 host01 passwd: pam_sss(passwd:chauthtok): Password change failed for user demo: 22 (Authentication token lock busy)
 May 31 15:49:31 host01 passwd: pam_krb5[27418]: no password-changing credentials for 'demo@LDAPSERVER.NET' obtained, user not known

This user exists in the LDAP server and in the Kerberos database (as a principal).

Please advise.

  • Please edit the contents of `/etc/pam.d/passwd` and its associated includes into your question. – 84104 May 31 '18 at 21:42
  • What if you use kpasswd instead of passwd? This will change the user password using the Kerberos protocol tools. – natxo asenjo Jun 08 '18 at 06:38
  • Decided to go without sssd. All works fine without sssd. Thanks for the comments. – Dino Daniel Jun 08 '18 at 14:51
  • cat /etc/pam.d/passwd:
    #%PAM-1.0
    auth       include    system-auth
    account    include    system-auth
    password   substack   system-auth
    -password  optional   pam_gnome_keyring.so
    – Dino Daniel Jan 24 '19 at 15:58

1 Answer


Ensure that port 464 (TCP or UDP) for the kpasswd service is open in your FreeIPA server's firewall.

– Hexdump
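The answer points at port 464, so the first thing to verify is which host and port the client will actually contact for the password change. The script below is an added example, not code from the question or the answer: it parses a realm stanza from a krb5.conf-style file the way MIT Kerberos resolves the password server (kpasswd_server if set, otherwise the admin_server host on port 464), then prints the reachability check and the firewalld commands to run on the FreeIPA side. The realm name LDAPSERVER.NET is taken from the log in the question; the krb5.conf contents, the host name ipa.ldapserver.net and the use of firewalld are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Resolves the kpasswd target
# from a krb5.conf realm stanza and emits the checks to run on both sides.

# Constructed sample krb5.conf fragment; host names are assumed, not real.
SAMPLE_KRB5_CONF='[libdefaults]
  default_realm = LDAPSERVER.NET

[realms]
  LDAPSERVER.NET = {
    kdc = ipa.ldapserver.net:88
    admin_server = ipa.ldapserver.net:749
  }
'

# kpasswd_target REALM  (reads krb5.conf text on stdin, prints host:port)
# Mirrors MIT krb5 resolution order: an explicit kpasswd_server wins
# (default port 464 if none given); otherwise the admin_server host is
# used on port 464. The admin_server port (749, kadmin) is NOT the
# password-change port, so it is stripped.
kpasswd_target() {
  awk -v realm="$1" '
    $1 == realm && $2 == "=" && $3 == "{" { inrealm = 1; next }
    inrealm && $1 == "}"                  { inrealm = 0 }
    inrealm && $1 == "kpasswd_server"     { kp = $3 }
    inrealm && $1 == "admin_server"       { adm = $3 }
    END {
      if (kp != "") {
        if (kp !~ /:[0-9]+$/) kp = kp ":464"
        print kp; exit 0
      }
      if (adm == "") exit 1
      sub(/:[0-9]+$/, "", adm)
      print adm ":464"
    }'
}

# client_check HOST:PORT  -> prints the command to test reachability from
# the client. Printed rather than executed so the script runs offline.
client_check() {
  host=${1%:*}
  port=${1##*:}
  printf 'nc -vz -w 3 %s %s      # TCP\n' "$host" "$port"
  printf 'nc -vzu -w 3 %s %s     # UDP\n' "$host" "$port"
}

# server_fix -> firewalld commands for the FreeIPA server. firewalld ships
# a "kpasswd" service definition covering 464/tcp and 464/udp.
server_fix() {
  cat <<'EOF'
firewall-cmd --list-services
firewall-cmd --permanent --add-service=kpasswd
firewall-cmd --reload
EOF
}

# Stand-alone demo on the constructed sample.
target=$(printf '%s' "$SAMPLE_KRB5_CONF" | kpasswd_target LDAPSERVER.NET)
echo "password changes for LDAPSERVER.NET go to: $target"
echo "run on the client:"
client_check "$target"
echo "run on the FreeIPA server (firewalld):"
server_fix
```

If `kpasswd_target` prints nothing, the realm stanza has neither entry and the client falls back to DNS SRV lookup (_kpasswd._udp), which is worth checking separately; if it prints a host the client cannot reach on 464, the answer's firewall fix applies.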