在kinit user1成功之后
我尝试用kpasswd user1
$ kpasswd user1
Password for user1@EXAMPLE.COMN:
Enter new password:
Enter it again:
kpasswd: Cannot contact any KDC for requested realm changing password
如何调试此问题?
如何查看kpasswd的日志?
答案 0 :(得分:0)
我可以设置ENV KRB5_TRACE并查看日志。
$ KRB5_TRACE=/dev/stdout kpasswd user1
...
...
Enter new password:
Enter it again:
[19347] 1542261437.864732: Creating authenticator for ... -> kadmin/changepw@..., seqnum 0, subkey aes256-cts/BC93, session key aes256-cts/6786
[19347] 1542261437.866856: Resolving hostname ...
[19347] 1542261437.867433: Sending initial UDP request to dgram ...
[19347] 1542261440.870780: Sending retry UDP request to dgram ...
[19347] 1542261445.876049: Sending retry UDP request to dgram ...
kpasswd: Cannot contact any KDC for requested realm changing password