A few days ago one of our users reported that they couldn’t change their password. The error coming out of the passwd command was confusing in itself – it said ‘bad old password’, or similar, which turns out to be a bug in our wrapper script.
After some investigation we discovered that neither kadmin or kpasswd worked:
tdb [~] % kadmin -p tdb/admin Enter Password: kadmin: Operation failed for unspecified reason while initializing kadmin interface
tdb [~] % kpasswd kpasswd: Changing password for tdb. Old password: kpasswd: Cannot establish a session with the Kerberos administrative server for realm CS.UKC.AC.UK. Operation failed for unspecified reason.
The completely unhelpful bit there is the “failed for unspecified reason” error message. How are you meant to even begin debugging that? After a couple of hours digging I logged the call with Sun.
It turns out that there is a known bug:
Document ID:6410919
Title:Patch 112908-24 will cause the kadmin -p kws/admin to exit with a error message
The solution presented was to remove patch 112908-24. This time I’m willing to do that, but from past experience I’d like to see them actually fix the problem rather than just back it out. Or, at the very least, remove the patch from cluster patches. Otherwise in 6 months time I’m left staring at the same problem.
What I’ve found most interesting in all this is that it took the best part of a month for anyone to notice passwords couldn’t be changed 🙂
