I've set up Kerberos/LDAP on Ubuntu 11.04 Server according to this guide. My client machines are auto-mounting NFS volumes from the server using krb5. All is good: Users can log in to any of the machines in the office and their home directories auto-mount when they do.
A user has forgotten his password. How do I — root — reset it?
It seems to me that the password must be reset both in Kerberos and in LDAP, but I haven't been able to figure out how. Things I've tried:
ldappasswd – User can successfully log in but their home directory does not mount.
ldapsetpasswd – Same.
kinit; passwd – My understanding is that passwd hooks PAM and therefore it may be the one-stop-shop that I'm looking for to get this done. It keeps asking me — rather cryptically, I might add — for "Current Kerberos password." None of the usual suspects seem to work.
Cheers!
Best Answer
You should not tamper with the LDAP password. It's probably {SASL}user@DOMAIN.TLD, which is what it always should be.
You should use kadmin. You do not need to be root, just have the right privileges with the KDC.
example:
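Added example, not part of the original answer: a shell helper that reads an entry's LDIF and reports whether userPassword is still the {SASL} pass-through value the answer describes, next to the kadmin password change it recommends. The principal names, realm and DNs are placeholders, and the sample entry is constructed.

```shell
#!/bin/sh
# Added example. Principal names, realm and DNs are placeholders.

# Read LDIF on stdin and report how the entry's userPassword is stored:
#   sasl:<principal>  delegated to Kerberos via {SASL} pass-through
#   local:<scheme>    LDAP holds its own hash (e.g. SSHA)
#   local:cleartext   value without a {scheme} prefix
#   none              attribute absent or not readable by the bind DN
# Assumes unwrapped LDIF, e.g. piped from:
#   ldapsearch -x -LLL -o ldif-wrap=no -D <admin DN> -W -b <base DN> "(uid=<user>)" userPassword
classify_userpassword() {
    line=$(grep -i '^userPassword:' | head -n 1)
    [ -n "$line" ] || { echo "none"; return 0; }
    rest=${line#*:}
    case "$rest" in
        :*) value=$(printf '%s' "${rest#:}" | tr -d ' ' | base64 -d) ;;  # "::" marks base64
        *)  value=${rest# } ;;
    esac
    case "$value" in
        '{'[sS][aA][sS][lL]'}'*) echo "sasl:${value#??????}" ;;
        '{'*'}'*) echo "local:$(printf '%s' "$value" | cut -d'}' -f1 | tr -d '{')" ;;
        *) echo "local:cleartext" ;;
    esac
}

# Change the Kerberos password with kadmin, as the answer recommends.
# $1 = admin principal, $2 = user principal; kadmin prompts for the passwords.
reset_kerberos_password() {
    kadmin -p "$1" -q "change_password $2"
}

# Constructed sample entry; the base64 value decodes to {SASL}alice@EXAMPLE.COM.
sample_ldif='dn: uid=alice,ou=people,dc=example,dc=com
userPassword:: e1NBU0x9YWxpY2VARVhBTVBMRS5DT00='

printf '%s\n' "$sample_ldif" | classify_userpassword
```

A result of `local:<scheme>` means the LDAP entry carries its own hash instead of deferring to the KDC, so the LDAP and Kerberos passwords can diverge.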