#1 2011-07-14 20:47:08

PreparationH67
Member
From: Chicago IL
Registered: 2010-07-28
Posts: 40

[SOLVED] passwd no longer works with pam-krb5 kerberos module

So I'm not sure when it happened, but the passwd command stopped working with Kerberos accounts on my domain. The accounts themselves are on an Active Directory server and users are able to log in, but if you try to change your password it prompts for the Kerberos password, then throws an error that the user is not known to the underlying authentication module.
These are the contents of the /etc/pam.d/passwd file:

password     sufficient       pam_krb5.so ignore_root minimum_uid=2000
password    required    pam_unix.so md5 shadow use_authtok

I'm not sure what happened and I couldn't find any documentation about it. I know for a fact that this setup was working, and there were only 1 or 2 versions of the packages in the cache and downgrading did not fix the problem. Like I said, auth is working for the console, sshd, and the login manager, so it is verifying information with the server, so I'm really confused. Can anyone offer some insight?

Last edited by PreparationH67 (2011-07-15 01:29:40)

#2 2011-07-14 20:52:25

PreparationH67

I forgot to mention, kpasswd works and updates the password.

#3 2011-07-15 01:34:59

PreparationH67

Grrrrr, I found that damn problem and it seems I was too quick to blame the Arch clients. It turned out it was the damn AD server all along; somehow the clock on the Windows Server fell behind the NTP-synced Arch machines, so it was ignoring tickets it thought were from the future. Auth and read operations are not affected by this apparently, just writes (such as a password update). God I hate Windows servers, I will celebrate when I finally replace the damn thing with a Linux server running OpenLDAP like it used to be before a previous admin with a hard-on for Windows tied us down with this crap.
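
The cause found in post #3 was clock drift between the AD server and the NTP-synced clients. The following is an added example, not part of the original thread: it measures the offset between the local clock and a server with an SNTP query and compares it with the default Kerberos clock skew tolerance of 5 minutes. It assumes the server answers NTP on UDP port 123; the verdict strings and `make_reply` (which builds a constructed sample reply for offline use) are this example's own names.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)
KRB5_MAX_SKEW = 300           # default Kerberos clock skew tolerance, in seconds

def parse_offset(reply, t_sent, t_recv):
    """Server-minus-local offset in seconds; t_sent/t_recv are local Unix times."""
    if len(reply) < 48 or reply[0] & 0x07 != 4 or reply[1] == 0:
        raise ValueError("not a usable NTP server reply")  # short, wrong mode, or stratum 0
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!4I", reply[32:48])
    t_rx = rx_s - NTP_EPOCH_DELTA + rx_f / 2**32  # server receive timestamp
    t_tx = tx_s - NTP_EPOCH_DELTA + tx_f / 2**32  # server transmit timestamp
    return ((t_rx - t_sent) + (t_tx - t_recv)) / 2

def query_offset(host, timeout=3.0):
    """Send one SNTP client request to host and return the measured offset."""
    request = b"\x23" + 47 * b"\0"  # LI=0, VN=4, mode=3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t_sent = time.time()
        s.sendto(request, (host, 123))
        reply, _ = s.recvfrom(512)
        t_recv = time.time()
    return parse_offset(reply, t_sent, t_recv)

def skew_verdict(offset, limit=KRB5_MAX_SKEW):
    return "OK" if abs(offset) <= limit else "SKEW_TOO_GREAT"

def make_reply(server_time):
    # Constructed sample: a minimal mode-4, stratum-2 reply stamped with server_time.
    sec = int(server_time) + NTP_EPOCH_DELTA
    return bytes([0x24, 2, 0, 0]) + 28 * b"\0" + struct.pack("!4I", sec, 0, sec, 0)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        off = query_offset(sys.argv[1])  # e.g. the KDC / domain controller host name
    else:
        local = time.time()
        off = parse_offset(make_reply(local - 400), local, local)  # server 400 s behind
    print(f"offset {off:+.1f} s -> {skew_verdict(off)}")
```

Run with the KDC's host name as the only argument to query it; with no argument it evaluates the constructed reply.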
