Re: using kpasswd with ldap db (0.7.2)

["Henry B. Hotz" <hotz@jpl.nasa.gov>]

Does disabling pre-auth have any affect?

On May 24, 2006, at 4:12 AM, Love Hörnquist Åstrand wrote:

> "Eric Ortego" <ericortego@gmail.com> writes:
>
>> My directory hold the kerberos db and was working great untill I
>> upgraded to 0.7.2
>> What stopped working was kpasswd. I can no longer change a users
>> password with it.
>> This is the error I get, which is output twice for each passwd  
>> change attempt:
>>
>> [kpasswdd] Changing password for eric@MYDOMAIN.COM
>> [kpasswdd] kadm5_s_chpass_principal_cond: ldap_modify_s:
>> eric@MYDOMAIN.COM (dn=uid=eric,ou=people,dc=mydomain,dc=com) Type or
>> value exists: krb5EncryptionType: value #0 provided more than once
>>
>> The only way I am able to use kpasswd to update passwords is by first
>> deleting the entry for krb5EncryptionType
>>
>> Is this a known bug or possibly some configuration option I have
>> overlooked that fixes this?
>
> I think its a bug somewhere where the krb5EncryptionType is set, but I
> can't figure out what it is. If you have time to debug the code its in
> lib/hdb/hdb-ldap.c:LDAP_entry2mods() where the krb5EncryptionType  
> is set.
>
> if you can't find the error, you can just comment out the while "if
> (ent->etypes) { " section in that file.
>
> Love

------------------------------------------------------------------------ 
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu