fedora-packager

Clone

b97ff3d Add kpasswd_server to the Kerberos configuration

Authored and Committed by abompard 2 years ago
raw patch tree parent
2 files changed. 2 lines added. 0 lines removed.
krb-configs/fedoraproject_org
file modified
+1 -0
krb-configs/stg_fedoraproject_org
file modified
+1 -0 
    Add kpasswd_server to the Kerberos configuration
    
    According to [the KdcProxy
    docs](https://github.com/latchset/kdcproxy#configuring-a-client-for-kdcproxy),
    the configuration should have a `kpasswd_server` entry. It will enable
    the necessary password change flow for users with an expired password,
    and prevent issues such as
    [noggin #895](https://github.com/fedora-infra/noggin/issues/895).
    
    Without this value:
    ```
    $ kinit -T FILE:/tmp/armor.ccache abompard@STG.FEDORAPROJECT.ORG
    Enter OTP Token Value: [password+OTP]
    Password expired.  You must change it now.
    Enter new password: [new password]
    Enter it again: [new password]
    kinit: Cannot find KDC for realm "STG.FEDORAPROJECT.ORG" while getting initial credentials
    ```
    
    With this value:
    ```
    $ kinit -T FILE:$HOME/armor.ccache abompard@STG.FEDORAPROJECT.ORG
    Enter OTP Token Value: [password+OTP]
    Password expired.  You must change it now.
    Enter new password: [new password]
    Enter it again: [new password]
    Enter OTP Token Value: [password+OTP]
    ```
    
    Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
file modified
+1 -0
file modified
+1 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.