kanidm: credential reset failed

I did this

kanidm account credential reset --name admin idm_admin

I expected the following

admin recovery success

Kanidm version (and git commit)

1.1.0.beta-8

[kanidm(d) --version]

1.1.0.beta-8

Operating System / Version

docker

Any other comments

The log shows an internal error with status 500.

10a55e37-f1bd-43cd-87a3-5dfda54b9614 2022-06-28T15:34:32.366807473+00:00 INFO     ┝━    [security.info]: Request received | src: "192.168.1.6" | http.host: "idm.xxx.com:8443" | http.method: "POST" | path: "/v1/credential/_exchange_intent"
10a55e37-f1bd-43cd-87a3-5dfda54b9614 2022-06-28T15:34:32.367009378+00:00 INFO     ┝━    [security.info]: Rejecting Update Session - Intent Token does not exist (replication delay?)
10a55e37-f1bd-43cd-87a3-5dfda54b9614 2022-06-28T15:34:32.367040402+00:00 ERROR    ┝━ 🚨 [admin.error]: Failed to begin exchange_intent_credential_update | err: Wait(OffsetDateTime { utc_datetime: PrimitiveDateTime { date: Date { year: 2022, ordinal: 179 }, time: Time { hour: 15, minute: 37, second: 2, nanosecond: 366836200 } }, offset: UtcOffset { seconds: 0 } })
10a55e37-f1bd-43cd-87a3-5dfda54b9614 2022-06-28T15:34:32.367067873+00:00 ERROR    ┕━ 🚨 [request.error]: Internal error -> Response sent | status: 500 - Internal Server Error

I think maybe it's related to the time zone setup? (I’m using UTC+8, where it is now 2022/06/28 23:37:02.)

About this issue

  • State: closed
  • Created 2 years ago
  • Comments: 18 (18 by maintainers)

Most upvoted comments

Glad we found the cause! #876 will hopefully guard against this one 😄

@yaleman @Firstyear yeah, it’s the problem…I’m changing the password while the server instance is running.

Restarting the server solved the problem.

Oooooooooooooo Yes, that would do it as well actually, since you’d change what's on disk but not in the ARC. We need to do process detection and prevent running when kanidmd already exists to prevent this.