change NT passwords Kerberos

bryantac67_at_yahoo.com
Date: 07/30/03

Next message: James Poland: "Windows XP "write attributes" permission for Users"

Previous message: Leo, Joel: "RE: IAS as a RADIUS server"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 30 Jul 2003 14:12:02 -0700 (PDT)
To: focus-ms@securityfocus.com

Hi,

I am using Kerberos to authenticate against our AD (it
has Kerberos setup on it). I am able login fine and
everything, but I cannot change my password. This is
the error I get:

Jul 29 11:11:19 passwd[7437]: (pam_krb5)
pam_sm_authenticate: krb5_get_init_creds_password: KDC
can't fulfill requested option
Jul 29 11:11:19 passwd[7437]: (pam_krb5)
pam_krb5_get_authtok: Authentication failure
Jul 29 11:11:19 passwd[7437]: (pam_krb5)
pam_sm_chauthtok: pam_krb5_get_authtok returns
Authentication failure
Jul 29 11:11:19 passwd[7437]: (pam_krb5)
pam_sm_chauthtok: result for user `xxxx':
Authentication failure
Jul 29 11:11:19 passwd[7437]: User xxxx:
Authentication failure

I looked around a little, and I read that the ticket
need to be forwardable and renewable. I tried adding
these options to my pam, but it made no difference. I
don't know what version of Kerberos is installed on
our AD, but the clients are running Heimdal. Is there
anything I need to do to fix this problem?? There is
a patch for Heimdal - MIT interoperability, and I've
installed it, but still no success. Any ideas??? Any
help is much appreciated.

Thanks,
Aaron

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

---------------------------------------------------------------------------
Your network firewall and IDS products do not prevent Web application
attacks - the most common form of online exploitation- resulting in Web
defacement, data theft, sabotage and fraud.
KaVaDo is the only company that provides a complete suite of Web
application security products.
Download a FREE whitepaper on "Security Policy Automation for Web
Applications":http://www.securityfocus.com/Kavado-focus-ms
---------------------------------------------------------------------------

Next message: James Poland: "Windows XP "write attributes" permission for Users"

Previous message: Leo, Joel: "RE: IAS as a RADIUS server"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Kerberos machine authentication - apparent authentication fail
... until a user logon event. ... the Netdiag utility will show the Kerberos error in this scenario ... On these machines I ... me a plausible starting point to solve my Kerberos authentication problem. ...
(microsoft.public.windows.server.security)
Re: Kerberos machine authentication - apparent authentication fail
... I just wanted to let you know there is a known bug in netdiag that reports ... >> mean that kerberos authentication is not being used. ... Three machines are workstations and three are ...
(microsoft.public.windows.server.security)
Re: Kerberos machine authentication - apparent authentication fail
... I installed the Resource Kit. ... > mean that kerberos authentication is not being used. ... Three machines are workstations and three are ...
(microsoft.public.windows.server.security)
Re: Kerberos machine authentication - apparent authentication fail
... Kerberos result when I hardwired a laptop to a switch port. ... to authenticate with K on reboot AND authentication appears to take place ... > denied access until you can authenticate to a domain controller as a user. ... > You should have logging of account logon events enabled in Domain Controller ...
(microsoft.public.windows.server.security)
Re: Kerberos machine authentication - apparent authentication fail
... Subsequent Netdiag attempts after a reboot show the failed Kerberos ... >>> mean that kerberos authentication is not being used. ... >>> computer for logon events and the domain controller for account logon ...
(microsoft.public.windows.server.security)