Professional Documents
Culture Documents
assword. kinit error: "kinit: Cannot contact any KDC for requested realm while getting initial credentials" - Red Hat Cust…
C U S T O M E R (https://access.redhat.com/)
P O R TA L
Environment
Red Hat Enterprise Linux 6.3
ipa-client-2.2.0-16.el6.x86_64
ipa-server-2.2.0-16.el6.x86_64
Issue
Customer trying to reset a password for an account that's sitting on IPA and it keeps failing.
kinit user1
Password for user1@example.com:
Password expired. You must change it now.
Enter new password:
Enter it again:
kinit: Cannot contact any KDC for requested realm while getting initial credentials
Resolution
Make sure kadmin service is running on the ipa server, also make sure kpasswd port (464) is
not blocked by any firewall.
For Example If the password policy says minimum number of characters in the password is 14 , your
new password should have 14 or more characters.
https://access.redhat.com/solutions/176193 1/3
2/14/2020 IPA fails to reset password. kinit error: "kinit: Cannot contact any KDC for requested realm while getting initial credentials" - Red Hat Cust…
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions
that Red Hat engineers have created while supporting our customers. To give you the knowledge
you need the instant it becomes available, these articles may be presented in a raw and unedited
form.
kinit for an IPA user fails if 2FA(Password + OTP) is enabled for that user
IPA - Unable to reset users passwords when password expiry set to > 9000 days
IPA kinit fails with the error : "kinit: Clients credentials have been revoked while getting
initial credentials"
Comments
https://access.redhat.com/solutions/176193 2/3
2/14/2020 IPA fails to reset password. kinit error: "kinit: Cannot contact any KDC for requested realm while getting initial credentials" - Red Hat Cust…
C U S T O M E R (https://access.redhat.com/)
P O R TA L
https://access.redhat.com/solutions/176193 3/3