lunt@ctt.bellcore.com (Steve Lunt) (02/23/90)
I have been having some weird problems in attempting to bring Kerberos up on my network. I cannot change my password using the kpasswd facility. Below is the error message:

-------------------------------------------------------------------------------
$ /usr/athena/klist
Ticket file: /tmp/tkt338
Principal: lunt@CTT.BELLCORE.COM

Issued Expires Principal
Feb 22 14:14:07 Feb 22 19:14:07 krbtgt.CTT.BELLCORE.COM@CTT.BELLCORE.COM
$ /usr/athena/kpasswd
Old password for lunt:
lrealm is CTT.BELLCORE.COM
krb_udp_port is 60930
Getting host entry for dduck.ctt.bellcore.com...Got it.
Sending message to 128.96.128.63...Sent
Waiting for reply...received packet from 128.96.128.63
Received it
Clen is 120
New Password for lunt:
Verifying, please re-enter New Password for lunt:
./kpasswd: Could not connect to server attempting to change password.
Password NOT changed.
-------------------------------------------------------------------------------

Do you know what is wrong here? I was able to get a ticket from the Kerberos server (as evidenced from the output of klist), but kpasswd seems not to be able to connect to that server. Is there some other server I need to define somewhere?

I have also found several other inadequacies with Kerberos:

1. The operation guide neglected to inform me that, apparently (after poring through source code), you need to create a "changepw" principal via kdb_edit in order to use kpasswd. The error message caused by this was not indicative of the problem.

2. There is no utility to list all entries in the Kerberos master database (a sort of /usr/etc/kdb_list). I have written one, using kdb_edit and kdb_util as models.

3. There is no utility to delete an entry from the Kerberos master database (a sort of /usr/etc/kdb_del).

-- Steve
Steven J. Lunt                  RRC-1K227B
Computer Security Technology    444 Hoes Lane
Bellcore                        Piscataway, NJ 08854
lunt@ctt.bellcore.com           (201) 699-4244
tai@IAG.HP.COM (Tai Jin) (02/23/90)
> Do you know what is wrong here? I was able to get a ticket from the Kerberos server (as evidenced from the output of klist), but kpasswd seems not to be able to connect to that server. Is there some other server I need to define somewhere?

I don't know about your kpasswd problem. I've modified kadmin to allow users to change their passwords instead of using kpasswd.

> 1. The operation guide neglected to inform me that, apparently (after poring through source code), you need to create a "changepw" principal via kdb_edit in order to use kpasswd. The error message caused by this was not indicative of the problem.

The changepw principal should have been created by kdb_init.

> 2. There is no utility to list all entries in the Kerberos master database (a sort of /usr/etc/kdb_list). I have written one, using kdb_edit and kdb_util as models.

You can say "kdb_util dump file" and look at the file.

> 3. There is no utility to delete an entry from the Kerberos master database (a sort of /usr/etc/kdb_del).

You can say "kdb_util dump file; edit file; kdb_util load file". I do this in a script.

...tai