Found the solution --
1. Create a .ldif file, add the following lines to the file, then save and exit:
dn: cn=global_policy,cn=DOMAINL,cn=EXAMPLE,dc=EXAMPLE,dc=COM
changetype: modify
replace: krbMinPwdLife
krbMinPwdLife: 0
Note: you need to know the directory manager password.
2. Run:
ldapmodify -h localhost -x -W -D "cn=directory manager" -f /root/test/krb_test.ldif
3. Now reset the password through kadmin.local:
kadmin.local
Authenticating as principal admin/admin@EXAMPLE.COM with password.
kadmin.local: change_password -pw secret123 admin@EXAMPLE.COM
Password for "admin@EXAMPLE.COM" changed.
kadmin.local: q
4. Run this command to clear cache
kdestroy
5. Run "kinit admin" to log in to the KDC using the new password
Example -
[root@bddec1v1-0019 ~]# kinit admin
Password for admin@EXAMPLE.COM:
[root@bddec1v1-0019 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin@EXAMPLE.COM

Valid starting     Expires            Service principal
06/19/15 12:38:39  06/26/15 12:38:39  krbtgt/EXAMPLE.COM@EXAMPLE.COM
        renew until 07/03/15 12:38:39
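
Added example, not part of the original post: the steps above leave krbMinPwdLife at 0 in the global policy, so this sh script saves the existing value first and writes it back after the reset. It assumes the OpenLDAP client tools and uses -H ldap://localhost in place of -h localhost; the function names, LDAP_URI and SAMPLE_LDIF are made up for illustration.

```sh
#!/bin/sh
# Added example: save krbMinPwdLife, set it to 0 for the reset, then restore it.
# POLICY_DN and BIND_DN are the values used in the post.
POLICY_DN="cn=global_policy,cn=DOMAINL,cn=EXAMPLE,dc=EXAMPLE,dc=COM"
BIND_DN="cn=directory manager"
LDAP_URI="ldap://localhost"   # assumption: same server as "-h localhost"

# Constructed sample of "ldapsearch -LLL" output, for trying the parser offline.
SAMPLE_LDIF="dn: $POLICY_DN
krbMinPwdLife: 3600"

# Print the krbMinPwdLife value from LDIF on stdin (nothing if it is absent).
# Attribute names are case-insensitive in LDAP, so compare in lower case.
parse_min_life() {
    awk -F': *' 'tolower($1) == "krbminpwdlife" { print $2; exit }'
}

# Emit an LDIF modify record setting krbMinPwdLife (seconds) to $2 on entry $1.
make_ldif() {
    case "$2" in
        ''|*[!0-9]*) echo "value must be a non-negative integer" >&2; return 1 ;;
    esac
    printf 'dn: %s\nchangetype: modify\nreplace: krbMinPwdLife\nkrbMinPwdLife: %s\n' \
        "$1" "$2"
}

# Live procedure; -W prompts for the directory manager password on each call.
apply_and_restore() {
    old=$(ldapsearch -LLL -x -W -H "$LDAP_URI" -D "$BIND_DN" \
            -b "$POLICY_DN" -s base krbMinPwdLife | parse_min_life)
    [ -n "$old" ] || { echo "krbMinPwdLife not readable, nothing changed" >&2; return 1; }
    echo "Saved krbMinPwdLife: $old"
    make_ldif "$POLICY_DN" 0 | ldapmodify -x -W -H "$LDAP_URI" -D "$BIND_DN" || return 1
    printf 'Reset the password in kadmin.local, then press Enter to restore: '
    read -r _
    make_ldif "$POLICY_DN" "$old" | ldapmodify -x -W -H "$LDAP_URI" -D "$BIND_DN"
}

# Only touch the directory when asked to explicitly.
if [ "${1:-}" = "--apply" ]; then apply_and_restore; fi
```

Run it with --apply on the directory server; without that argument it only defines the functions.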