2/14/2020 IPA fails to reset password.

assword. kinit error: "kinit: Cannot contact any KDC for requested realm while getting initial credentials" - Red Hat Cust…

C U S T O M E R (https://access.redhat.com/)
P O R TA L


IPA fails to reset password. kinit error: "kinit: Cannot

contact any KDC for requested realm while getting
initial credentials"
$ SOLUTION VERIFIED - Updated August 18 2013 at 4:26 PM - English ()

Environment
Red Hat Enterprise Linux 6.3
ipa-client-2.2.0-16.el6.x86_64
ipa-server-2.2.0-16.el6.x86_64

Issue
Customer trying to reset a password for an account that's sitting on IPA and it keeps failing.

kinit user1
Password for user1@example.com:
Password expired. You must change it now.
Enter new password:
Enter it again:
kinit: Cannot contact any KDC for requested realm while getting initial credentials

Resolution
Make sure kadmin service is running on the ipa server, also make sure kpasswd port (464) is
not blocked by any firewall.

Look whether a custom password policy set-up through IPA.

And if there is, make sure to use a password which complies with the password policy.

For Example If the password policy says minimum number of characters in the password is 14 , your
new password should have 14 or more characters.

https://access.redhat.com/solutions/176193 1/3
2/14/2020 IPA fails to reset password. kinit error: "kinit: Cannot contact any KDC for requested realm while getting initial credentials" - Red Hat Cust…

Root Cause C U S T O M E R (https://access.redhat.com/)


P O R TA L
Password customer using as the new password, didn't comply with the IPA password policy.

Product(s) Red Hat Enterprise Linux (/taxonomy/products/red-hat-enterprise-linux)

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions
that Red Hat engineers have created while supporting our customers. To give you the knowledge
you need the instant it becomes available, these articles may be presented in a raw and unedited
form.

People who viewed this solution also viewed

kinit for an IPA user fails if 2FA(Password + OTP) is enabled for that user

Solution - Nov 6, 2017

IPA - Unable to reset users passwords when password expiry set to > 9000 days

Solution - Jul 30, 2013

IPA kinit fails with the error : "kinit: Clients credentials have been revoked while getting
initial credentials"

Solution - Oct 11, 2019

Comments
https://access.redhat.com/solutions/176193 2/3
2/14/2020 IPA fails to reset password. kinit error: "kinit: Cannot contact any KDC for requested realm while getting initial credentials" - Red Hat Cust…

C U S T O M E R (https://access.redhat.com/)
P O R TA L


All systems operational (https://status.redhat.com)

Privacy Statement (http://www.redhat.com/en/about/privacy-

policy)
Customer Portal Terms of Use
(https://access.redhat.com/help/terms/)
All Policies and Guidelines
(http://www.redhat.com/en/about/all-policies-guidelines)
Copyright © 2020 Red Hat, Inc.

https://access.redhat.com/solutions/176193 3/3