Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

"I'm growing older, but not up." -- Jimmy Buffett

devel / comp.protocols.kerberos / Force to change password for users

SubjectAuthor
o Force to change password for usersCarlos Lopez

1
Force to change password for users

<mailman.91.1713528372.2322.kerberos@mit.edu>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=543&group=comp.protocols.kerberos#543

  copy link   Newsgroups: comp.protocols.kerberos
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From: clo...@outlook.com (Carlos Lopez)
Newsgroups: comp.protocols.kerberos
Subject: Force to change password for users
Date: Fri, 19 Apr 2024 12:06:05 +0000
Organization: TNet Consulting
Lines: 18
Message-ID: <mailman.91.1713528372.2322.kerberos@mit.edu>
References: <PRAP251MB056715F9F72A4C47C0AE558CDB0D2@PRAP251MB0567.EURP251.PROD.OUTLOOK.COM>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50";
logging-data="2921"; mail-complaints-to="newsmaster@tnetconsulting.net"
To: "kerberos@mit.edu" <kerberos@mit.edu>
DKIM-Filter: OpenDKIM Filter v2.11.0 unknown-host (unknown-jobid)
Authentication-Results: mailman.mit.edu;
dkim=pass (1024-bit key, unprotected) header.d=mitprod.onmicrosoft.com
header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256
header.s=selector2-mitprod-onmicrosoft-com header.b=m1muu1tV;
dkim=fail reason="signature verification failed" (2048-bit key,
unprotected) header.d=outlook.com header.i=@outlook.com header.a=rsa-sha256
header.s=selector1 header.b=I71YdP4q
ARC-Seal: i=3; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=fx4zMnqtvLVrMPhPos/UmnfZhk3HM2M0Vm7XRAE3DY9FLIC+NUzuSDM5lQj4DMgJlT+xi52iVMP/ZUtdwx7J1JqcEXLHJzuYUvBlfjm3mZBJJkr3SZ6RDeEpVWTzzjE9yy/GbiT64LPRF8ThTNHWFEuoFvX9+HerBKPByTTW5nDHypmGts+M2f0zaDqReovf1CNW5PYYss6sTXNoadb5ZaSSiUem4oTx9i2DLnOjy2H3joPd1kh+K4x4YXAP+Av6spi9QdAVpvlnioOgBNIWNR7h+Xm3Z7p1l5PabEFOiTCVAvBtn6XrN/DvaFtSG+WxOVbkZ6Xqg33KXB4Y50zVxA==
ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=q2P7AEYp7Z5B9RVy+Ha6hC9nU8MtVQs2Hz7sdj3CnHc=;
b=CFoA7bMqMkXcUaQc0pEZ2V+0vPQSUwVkzNhZRbHC/rWQqVd620qjXwBOb1O7YDCCWQ11wtM+dT4HGrMIsdnGAFoPl5SVdpBh16gOeGOkaT0kHXbPgIV7vQJz9p4Q/ZjGbaE5OtwcDZDZbqPIIW89eZuw0cld6Uip6buhodGQPQv8/U2EhUzcoAuYS2IozMp2cSvwOXI+YnAuiXG7fwLYuhUTzPdO6ajhaDHsKjboKZAwK+1bcj3iia4i/cwFtX/bJ3iXzw03mlg982x4LmlrMUvoxeH1LIqxF1E5QuRNjD/4IAbK8cNolaOXtNeAsDXGMy9sEnIvMPw6jsRNfuqCOw==
ARC-Authentication-Results: i=3; mx.microsoft.com 1; spf=pass (sender ip is
40.92.75.11) smtp.rcpttodomain=mit.edu smtp.mailfrom=outlook.com; dmarc=pass
(p=none sp=quarantine pct=100) action=none header.from=outlook.com; dkim=pass
(signature was verified) header.d=outlook.com; arc=pass (0 oda=0 ltdi=1)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=q2P7AEYp7Z5B9RVy+Ha6hC9nU8MtVQs2Hz7sdj3CnHc=;
b=m1muu1tVr29xlH1PYSihk/wx1l/R56RCmDwaNArhdFT3NwaIlmh7n0GTFLgGOv4Jqc50Ng1U3A/Rr6g2xPkF9CsNd5leG1RbpHPQ8zjM1W9j8DhCk+gn/AfsIQsSvruu5X3GTWEHkXMvbTvCaORmA2wBGo17xR3Cq3Q7caq6Htg=
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=kj9MCm/14T1CZLj8Zd29IlqA6nDj8qjLR1v0mfY4IZveLhFqN2SP4e9CuttCvlc68zOfgBx+0KbHhiOMpg5JFeI0uXBi8EUxzAOug+aeSkLnRaeOAgmagjRvTyP2A8snfk03Bkd+VDJSQxc1CZww10Wf9bWl4yZ/LVek+C+41C/NLo3fn7g92HGm/PRk+oHDgsap933LTnbwx8QriCEYHH6FG5Cp9BhPc5cUiCaPxKlcvFxb31VUf0YWySDkNGsVf+T/b5YqpsfH9qKCHpMN4Jl48XIdT1SEi6Dxm9t+u30DQlrCjhWRUbYw29gng7yW2NfbsSLNu+8YAPDLN+51QA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=q2P7AEYp7Z5B9RVy+Ha6hC9nU8MtVQs2Hz7sdj3CnHc=;
b=H8DrLc2WCKdbmjru/1/y+MEd4PnY0lTH4hvztJ0eU84EqRThKPUm/TN++t7QhcT7fIs3QIANVrVXdsPcz2ZNYd6ogh9Ks5wddgnbnAojKqgWNXFUNy6Nj7UpyUfucnEJe4ssHk9Z7r0pMraxsOgCGmyhiUOqT/zUhiBWDRsA2EsBxZknhk61yIre6RMlcV2zaKZfp3Y/SCZo3gy5G+0cvoW1Kmj/dnpJmkij+rn/vyfDTEOcOBvbHT550B7XHJTp77wbXjD9MdT1pNDVkG8Xeo1Likccfzc/y8Q2gJ+lEEfsrqfUEp0AoJzbbJW/VoR6hKvdiBZOoxWQvPNsiswP+A==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is
40.92.75.11) smtp.rcpttodomain=mit.edu smtp.mailfrom=outlook.com; dmarc=pass
(p=none sp=quarantine pct=100) action=none header.from=outlook.com; dkim=pass
(signature was verified) header.d=outlook.com; arc=pass (0 oda=0 ltdi=1)
Authentication-Results: spf=pass (sender IP is 40.92.75.11)
smtp.mailfrom=outlook.com; dkim=pass (signature was verified)
header.d=outlook.com;dmarc=pass action=none header.from=outlook.com;
Received-SPF: Pass (protection.outlook.com: domain of outlook.com designates
40.92.75.11 as permitted sender) receiver=protection.outlook.com;
client-ip=40.92.75.11; helo=EUR04-VI1-obe.outbound.protection.outlook.com;
pr=C
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=XhkqaCcm/a1mDRLrFEvCw2Zmiw9jWneBIm+GP+diEtpmxgfq1CKjnq2ZOxkZMQl0v6mbMq3FH2ZINFIbw54yBAXoq2KTXMKqM4LgH6tPRr4JrqNYlEp2wfxqFHcNSCutZfxoeCdJLqC0b4osdevx0eS8OI45UBloP335D1OHa248mPDziUxtrTjd9a7qSM8k3jIhze04cpmQz6W8CimukwStjwpI2klDSM2+rMqk7lESqyqTAYbJ59HMwvTVxLSNvJM0PL1HMBmxm8AHm9X1DWBPNMrq3bEw4MGsJZGleNHoqAWC8fZv0TvCy4rbyQNASuoKkOuzZnv3EmvzzMnQbw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=q2P7AEYp7Z5B9RVy+Ha6hC9nU8MtVQs2Hz7sdj3CnHc=;
b=CrAYb4k0Zqbb3vG6TX35wxx5w4BmBflljVNtBPAWdHt9ZixIQTjjBw84V22f1pfGxkiS0FinTm98dTh0ZcDBJhJcnjLZV+Zf+hive0+eeBXnI5SBMz9ZKCGtGfkA2ODLnMKwfp/rzyryiqgiqTPcurON0yXxHZ9VCL7h2dtLhaBC+2oubtYY03m8c1p09Qa8voKpcuG6EnQG+jlAQuwigIX7VzMf+9WggfI9eejicnRzEH+DVfE+jUTCOcCLQ7FKTowehCDMUs81OMs/7wHxL2hmCL/mrbPFARQVCBsxv2kYmTWJF9SEwWquIfvPAquU4JJ2au2ZKeHRwabsRGQgEw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=q2P7AEYp7Z5B9RVy+Ha6hC9nU8MtVQs2Hz7sdj3CnHc=;
b=I71YdP4qlIdonw7vMIujS8I+OGaXUdzQqnjFfhyAsfUSdkR65WYhdPaB7hovCgSJAM5PkKSAGg6kH1tTJa36k6d7RiR3a9J8ACyBYvmzqv5ByVAKc0bEdCqoA2O5NRQMXp0+5rrpTNt+mKLMF+llxlhGQ1RPMhAEMVdg0k5ZZQpcQtsXa2YXos4mBq6vsxw2Gdm+qQ+aSfamjmJA1DBG2pLqQNYhEG8eJD5N1fAZNCa0ulOm90R6zCeL9qmUQIHbhxn3wqFo6D+HNrbx/Hb7HCErp9nGSBLkSmXjhbLu0gZTcPgRAeINVsbfOe7Cv0ORRYozP/cx1xBOQICHD0zTxg==
Thread-Topic: Force to change password for users
Thread-Index: AQHaklE0ss3MXm/VO0u6/yEaPDdcdg==
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
x-ms-exchange-messagesentrepresentingtype: 1
x-tmn: [Ev3zSO1U4vn+Pb47FNLxnDcxZ+D3e6xo]
x-ms-traffictypediagnostic: PRAP251MB0567:EE_|DB9P251MB0450:EE_|CH2PEPF0000013F:EE_|MW4PR01MB6322:EE_
X-MS-Office365-Filtering-Correlation-Id: 58c82133-ba77-4ca3-cefc-08dc606918ce
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: b+AV1Q4dRlndsyscYKDfNgzNTOAHCg12WmIQCmX1Lflo2TQeFLkYP3rEA8hDzZ1WAtWXlNcOut0qiurhawoKp5NNdx1nD2aqRAlriS3Y12/e9wNz3KcumN4oQqruDYsWTNm09f+0tzKPu5ikraJLVTSlFvHpDTlLfabJGxNOnLu8cuIWRHQr42PIdzRvqoxxbEIreiWmAgZbOXAc/PToyXkgCfmgPMD0f2QucQ5HmMAGjOIvzun9KepxIF24Cq5Wl2WjyzASOWsFNuXZXI15tp3WQSzrZPETIVmX70tPX8r0pJLUbVbbIIxzJuYEiIAuYbyvDNZrAxftlNCqk6URAKt+pZEVAgsNnk4eS9giH4sQaqmvKli/a3iPtIOEdL1qgx2VE6ulg+t1fbkaNGYJxua0ZhWrH+IEbPM4kmZmCfGyEFPmsBbPMCObvVb638ZZ40GMc8yzhs64c3hOUBn3LPgqo57qOs/bsQJsEX+Jn0b1tHEN6u76W71fvTUxiRLhd+k/bzp52htMQsqw7jGpawExDHjAnubQDx0WXPGQIRTOZf7DR9DNnwyXsnoY+eiT
X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-Original-0: gFrKych3grDhoaMgLG4kZbWXsqo9ubXlkvr1luvAIVVSXtXgdHdmF2WItv
aWYe8YXrnmqEF1ls77rxTo3kNStrnbty3GkPvjsR90D2T0m44IG8zcihpN
rLkSBYUM4a01AdAEvXeaNV3+hWLT3unTiD1FqBXcejWOu3KoOuDR9axQmX
V4OzGbwiVjQhOuc8WhYB7K61AfZY/catMGsvQHhxdlZmgoBymhC8E5xETs
Dbl0BbtdAcjOPesBzvv/6kSJcgSzESaslZD2uRli7R6h8yiKBbH8Byl1yF
XDdofO2B21yy/OnJJi2EpiegUt3fkkkVDaEauT7TxOfFdll0GS34zWLD+8
h2lKL5NPytw/vvskZ1XUl+LIhLSNHbqrSqZzvo5Nz8MdfKJs2QO/RJkk8M
eQdPn1BqjxQCrzM2W/w/9ELhitsmpCMsi12ySCZSRhTp/z+dqHUgJwk3r8
cimf2WSBnfh7xK4GEFsnDHuR2c5e4piQgbiAyzWb7H/ayaAxstzI2bRbDt
myZgKIgMwcpvHpY7SdC2VfyaR4tT+MuFet8oVn86VQkkF6SLyhpv7X0W3Y
lsd6ckOt8DCCedYa7/Kjin02GvSPkEtvCKcgMobpZFIisYOPSD88ftwXF6
kuUrVtanh+GnJCr7VLBOwWEEyhX2rOrIFenya6JaTpRZsE1JYB0s9i0sVU
+2kmfkqpm/26nxRrv8S42ZItapT7xwLEX3ubAVqZPRddI0qW+BEpbEHlTQ
X+geFuFO6/q7x/wr4kymfP2petwzrkrvIwPvWiBIR/KDHPMjNV/ZPiA76N
nfz7hUQz2zxvexw4ZOoF5tzPxrnZZsfHdbPsXoKQejgwAQDX1DHpEsD0Lz
hm6aTPH+GMXqAFgYUh64+QS3slaDCplnKndX3IZFTcHrBJ7bo3Gxcs8WQt
agagODc19yxEs0DMhFMAN3iCDuknx4kEMtFRMs80lEE/TmXhOctfzVQH9Q
+fYGfbFEZKWwl2qMzfXeW3eAJyFbu0V1JA4UB9QOjlc5q5NqYQpkYK90c+
euzdpl96mebs2q7o2a2EZ4Lo5TFu4f5Hd8Nyf9DKnmCS3si0qxmkUdgg2i
4aHFKl3ob82IKV5w7gjIE5raoiELPBAHgbO8VJY/skYsx40jbjh2VMKzEA
MUkDz7pnaEX/Oy5FnuyIhrF4rHPtPrWLb3a2Y+5IyO//PqxRlmqSpbDrM0
MIdUWjZniUfv9dzzcYJA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9P251MB0450
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: CH2PEPF0000013F.namprd02.prod.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted: CH2PEPF0000013F.namprd02.prod.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: 90ac5ce6-40ec-41b2-5929-08dc6069173d
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-MS-Exchange-SenderADCheck: 0
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: Mh6tGvggWXcSvIaFDIcfGpLvrnrCQl92xqdYnAd6TmGgVuuI7lwpXL9pljY0bHnXJ3BOJR3Bo+BIvP0022kSJO5kdaNLvF1MHCQAcKVbWsAqMVXg/AEnxV94eLHDQZwzr+mqJ5g0KPMn8cUKAOJpJD+I67V/HzLRaXZiBrvYB74ffV4eR5gwBOVBXDNDjIZpotNzD/L79RFsWWnhAIrwcLoMlj2/42EOxdV62yHrDXyzuJNx9L8EB0RRov2RXnqitMylp9epkct7ulewgLyc+DqmJd8/jQpKHpcH36QJklbgCiGUpvP5oa5reli7D3jTRjvCtv0s4E44zkPudHZOHo1+AfB2ShkraK6Gq5OEkOB9FmBM8qjoQC9yk7aVz/plA39rR+TvYUqT64PvEsccWfrMvD59AdZ/Ra1q2pDKX9yl24/bTDVglEe4o0n8Rsunfl+nw2a7spGdNQrl+5SsdIkvTzWNqnytYhf59rKT6tFfL0tJpNldEX4axJxw8VhyQIqFQKe+E31mtdGhZKi4+k8v+xRGv1uAVaXQ5fzdUiQqUUX4FdutIxMSXAuTLEilHU0xaYvXBs7u7kPylcQWRsHEJULxLtAqbTcroSrwZPZH5jumSt0lIW8yaKJhI1PoqxUhu8w8oxXLEN8khhTIVJg/J9aT76eBzLOOG35Bcgy2ixdPxjDRB4DgDS0YKl1kwvD5suUV1FiqFCwdEgDoVOU7FbsgRCOXcCTUckNtuHGjsYaS588/XhkwJX3Bs9sIQjr5/Gmm5xbApD6B7HCTJMdNA1OX56PzYXJ8vqGR8Xg=
X-Forefront-Antispam-Report: CIP:40.92.75.11; CTRY:AT; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:EUR04-VI1-obe.outbound.protection.outlook.com;
PTR:mail-vi1eur04olkn2011.outbound.protection.outlook.com; CAT:NONE;
SFS:(13230031)(7093399003)(48200799009)(61400799018)(376005); DIR:OUT;
SFP:1102;
X-ExternalRecipientOutboundConnectors: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-OriginatorOrg: mitprod.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Apr 2024 12:06:08.0681 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 58c82133-ba77-4ca3-cefc-08dc606918ce
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-AuthSource: CH2PEPF0000013F.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR01MB6322
X-MIME-Autoconverted: from quoted-printable to 8bit by mailman.mit.edu id
43JC6A2f1908249
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/options/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos/>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID: <PRAP251MB056715F9F72A4C47C0AE558CDB0D2@PRAP251MB0567.EURP251.PROD.OUTLOOK.COM>
 by: Carlos Lopez - Fri, 19 Apr 2024 12:06 UTC

Hi all,

I have installed a new Kerberos server under RHEL9. All it is working ok, except when I try to create users. All users are created with "+needchange" flag enabled to force to the user to change own password.

At first user login, kerberos server reports password has expired:

2024-04-19T08:38:20.946335+00:00 rhelidmsrv01 krb5kdc[21392]: AS_REQ (8 etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23), camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 172.19.11.14: REQUIRED PWCHANGE: user1@MYDOM.ORG for krbtgt/MYDOM.ORG@MYDOM.ORG, Password has expired
2024-04-19T08:38:20.946413+00:00 rhelidmsrv01 krb5kdc[21392]: closing down fd 13
2024-04-19T08:38:20.946712+00:00 rhelidmsrv01 krb5kdc[21392]: AS_REQ (8 etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23), camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 172.19.11.14: NEEDED_PREAUTH: user1@MYDOM.ORG for kadmin/changepw@MYDOM.ORG, Additional pre-authentication required
2024-04-19T08:38:20.946747+00:00 rhelidmsrv01 krb5kdc[21392]: closing down fd 13
2024-04-19T08:38:20.950691+00:00 rhelidmsrv01 krb5kdc[21392]: AS_REQ (8 etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23), camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 172.19.11.14: ISSUE: authtime 1713515900, etypes {rep=aes256-cts-hmac-sha1-96(18), tkt=aes256-cts-hmac-sha384-192(20), ses=aes256-cts-hmac-sha1-96(18)}, user1@MYDOM.ORG for kadmin/changepw@MYDOM.ORG

But in the client side, user can login without problems and no password change is requested.

Any idea? maybe do I need to reconfigure something in sever side?

Best regards,
C. L. Martinez

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor