FreeIPA

Error

Cannot read password

Source

  • Description: When running the initial ipa client installation, kerberos throws an authentication error back:
ipa-client-install ...... -p admin
....
Kerberos authentication failed
kinit: Cannot read password while getting initial credentials
  • Cause: This error is comming from kinit as the error states, but from a different sub-task: While trying to generate a kerberos tickets kinit gets the feedback that the password has expired and needs to be changed. The ipa client installation does not take care of this and so this error is the result of kinit not getting an update password from the user.

  • Solution: Either Update the password using kinit or prevent the password from expiring within the AD (see the user properties).

$ kinit admin@DOMAIN.LOC
Password for admin@DOMAIN.LOC:
Password expired. You must change it now.
Enter new password:
Enter it again: