Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Troubleshooting
Administrative Error Messages
Chapter 9274
Administrative Error Messages
Following are some messages that administrative principals may
encounter when using their accounts. This section also contains some
recommended solutions.
Password has expired while getting initial ticket
Explanation: This message may occur when a user tries to log on as a
remote administrator using the Remote Command-Line-Administrator,
the kadmin command. This implies that when the principal account was
created, it was configured to require a password change. This is the
default behavior. Or it may occur if the administrative principal
password has expired.
Remote Command-Line-Administrator does not permit password
changes. Note that this error will not occur when using the Local
Administrator, as the Local Administrator does not require a
password to be entered.
Action:
• If the Change Password Required attribute is set, use the Local
Administrator, kadminl_ui, to disable the require password
change option for the administrative principal to be used for remote
administration.
— If you are using the Administrator, go the Attributes tab on
the Principal Information window and clear the Require
Password Change checkbox.
— If you are using the Command-Line-Administrator, kadmin,
use the mod [principal] command and set nopwchg to indicate
no password change required.
Service key not available while getting initial ticket
Explanation: This message may occur when a user tries to logon to
Remote Administrator. It also may occur while using the kinit and
kpasswd utilities. It means that the user is trying to use a key type that
is different than the one assigned to the user in the principal database,
in other words, DES vs. 3DES. By default, the Administrator and