Troubleshooting

Administrative Error Messages

Administrative Error Messages

Following are some messages that administrative principals may see when using their accounts. This section also contains some recommended solutions.

Password Has Expired While Getting Initial Ticket

Explanation: This message may appear when a user tries to log on as a remote administrator using the remote command-line administrator, kadmin. This implies that when the principal account was created, it was configured to require a password change. This is the default behavior. Alternatively, it may occur if the administrative principal password has expired.

Remote command-line administrator does not permit password changes. This error does not occur when using the local administrator because the local administrator does not require a password to be entered.

Action:

If you set the Change Password Required attribute, use the local administrator, kadminl_ui, to disable the Require Password Change option for the administrative principal to be used for remote administration.

If you are using the HP Kerberos Administrator, select the Principal Information>Attributes tab and clear the Require Password Change checkbox.

If you are using the command-line administrator, kadmin, use the mod [principal] command and set nopwchg to indicate that password change is not required.

Service Key Not Available While Getting Initial Ticket

Explanation: This message may appear when a user tries to log on to the remote administrator. It also may occur while using the kinit and kpasswd utilities. It means that the user is trying to use a key type that is different than the one assigned to the user in the principal database, in other words, DES versus 3DES. By default, the HP Kerberos Administrator and command-line administrator are set to use a 3DES

306

Chapter 11

Page 306
Image 306
HP UX Kerberos Data Security Software Administrative Error Messages, Password Has Expired While Getting Initial Ticket