Cannot read password
- Description: When running the initial ipa client installation, kerberos throws an authentication error back:
$ ipa-client-install ...... -p admin .... Kerberos authentication failed kinit: Cannot read password while getting initial credentials
Cause: This error is comming from kinit as the error states, but from a different sub-task: While trying to generate a kerberos tickets kinit gets the feedback that the password has expired and needs to be changed. The ipa client installation does not take care of this and so this error is the result of kinit not getting an update password from the user.
Solution: Either Update the password using
kinitor prevent the password from expiring within the AD (see the user properties).
$ kinit admin@DOMAIN.LOC Password for admin@DOMAIN.LOC: Password expired. You must change it now. Enter new password: Enter it again: