Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 12-12-2012, 09:17 AM   #1
Registered: Jun 2007
Location: Georgia
Distribution: Fedora
Posts: 50

Rep: Reputation: 17
Exclamation RHEL 5.8 Cluster: Nodes keep prompting to change PW


I have a RHEL cluster with 9 nodes. Nodes 1-7 keep prompting me to reset my password. We reset it and try to log-in but it AGAIN asks us to reset our password. Of course we can't because you can only change your password once every 24 hours. Essentially I'm looked out of the 7 nodes completely!

I can't log-in as root on nodes 1-7 because authentication is controlled by Kerberos.

I have no problem using the Master node (as myself or root). I have the root password and Kerberos password (I don't know jack about how to manage Kerberos)for the Master node.

Any idea how I can regain access to my nodes?

Last edited by Enochs; 12-13-2012 at 03:59 PM. Reason: Typo
Old 12-13-2012, 03:54 PM   #2
Registered: Jun 2007
Location: Georgia
Distribution: Fedora
Posts: 50

Original Poster
Rep: Reputation: 17
I figured out the problem.

1. A recent change to the PAM configuration changed the password policy. This change required all users to change their password on next log-in.
2. My user profile was added to the system incorrectly in July when I started working here (still trying to figure out how and fix it). When I change my password, it only updates my Kerberos password and not my local password on each node. When anyone else changes their password, it changes their Kerberos password and their local password on all nodes (password synchronization across the entire cluster). I have to log onto each of the 9 nodes and change my local password independently from my Kerberos pw (still troubleshooting).
3. The problem in step 2 was hard to figure out because we must ssh to these classified systems. Using ssh causes a different log-on behavior in that once you change your password, it logs you out and makes you log back in. Since my pw updated only my Kerberos password, the system kept prompting me to change the pw...of course Kerberos would only let me do a pw change once a day.

To fix this I had to:

1. Gain access to the room that contained these systems so that I could log in at the console instead of ssh. This is to prevent me from being logged out after the initial password change.
2. Log-in using my Kerberos password.
3. Change my local password using the passwd command so that it matches my Kerberos password. (My profile only)
4. Repeat steps 1-3 on all nine nodes in the cluster (my profile only). This is because I still haven't fixed the problem with my profile that's preventing synchronization of my Kerberos and local passwords across the entire cluster.
5. Have each user ssh in and change their pw. Others only had to do this once (any node) and the entire cluster is updated properly.

Last edited by Enochs; 12-13-2012 at 03:58 PM. Reason: Typo
1 members found this post helpful.


authentication, kerberos, password

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Configure 2 nodes cluster Redtth Linux - Enterprise 1 06-12-2012 05:11 PM
Hwaddr of all nodes on a cluster usagi32 Linux - Server 4 09-10-2009 11:21 PM
Cluster....which distro is best for the Nodes? KaptinKABOOM Linux - Software 7 06-14-2004 08:34 PM
rsh on Cluster nodes rudy3107 Linux - Software 0 07-22-2003 06:53 AM
How do i create an a/c at all nodes in the cluster dogma Linux - Networking 4 05-19-2003 10:21 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:09 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration