The SSH host key has changed on 8 April, 2022 to this one: SHA256:573uTBSeh74kvOo0HJXi5ijdzRm8me27suzNEDlGyrQ
Sources of the site gergely.polonkai.eu, Jekyll version
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 

1.3 KiB

Fedora can’t change Active Directory password via kpasswd

date

2013-03-05T08:55:04Z

category

blog

tags

fedora,kerberos,active-directory

url

blog/2013/3/5/fedora-can-t-change-active-directory-password-via-kpasswd.html

save_as

blog/2013/3/5/fedora-can-t-change-active-directory-password-via-kpasswd.html

status

published

author

Gergely Polonkai

I wanted to change my AD password today. As the AD is actually a Kerberos server, I was pretty sure that kpasswd will do the trick. However, kpasswd output looked like this:

$ kpasswd
Password for polonkai.gergely@EXAMPLE.LOCAL:
Enter new password:
Enter it again:
kpasswd: Cannot find KDC for requested realm changing password

I’ve checked kinit and klist, everything looked fine. After a while it came to my mind that password changing is done through the kadmin server, not through the KDC. It seems that when I set up the Active Directory membership, the admin_server directive is not get written to krb5.conf. So all I had to do was to put

admin_server = ad.example.local

in that file, and voilà!

$ kpasswd
Password for polonkai.gergely@EXAMPLE.LOCAL:
Enter new password:
Enter it again:
Password changed.