Fedora can’t change Active Directory password via kpasswd

I wanted to change my AD password today. As the AD is actually a Kerberos server, I was pretty sure that kpasswd will do the trick. However, kpasswd output looked like this:

$ kpasswd
Password for polonkai.gergely@EXAMPLE.LOCAL:
Enter new password:
Enter it again:
kpasswd: Cannot find KDC for requested realm changing password

I’ve checked kinit and klist, everything looked fine. After a while it came to my mind that password changing is done through the kadmin server, not through the KDC. It seems that when I set up the Active Directory membership, the admin_server directive is not get written to krb5.conf. So all I had to do was to put

admin_server = ad.example.local

in that file, and voilà!

$ kpasswd
Password for polonkai.gergely@EXAMPLE.LOCAL:
Enter new password:
Enter it again:
Password changed.

links

social