Hello everyone.

I contact you because I have a problem when I reinitialize some passwords for other users.

I created a login in IPA and I added this login into the admins group.

Then I was able to perform some password changes for other accounts, using :

1. ipa passwd to set a one time password

2. kpasswd to set a "permanent" password (respecting the password policy)

3. And then I send the password to the end user

Then I tried on another account.

- The ipa passwd works well.

- But when I tried the kpasswd, I get the following error message :

"kpasswd: Clients credentials have been revoked getting initial ticket"

I retried multiple times, but I always got the same error message.

I thought it was because the account was locked. So I checked with ipa status and the account is not locked.

What does this error message mean please ?

-> When it says the "client", does it mean the other account I am trying to kpasswd ?

-> When it says that the credentials have been revoked, what does it mean ?

-> What is this initial ticket it is mentioning ?

Thank you in advance !

Best regards.

Lune