Hi, I'm confused about ldap authentication.
I'm attempting to use ldap with kerberos 5, when changing an user's password,
I issused:

user1]$ passwd
Kerberos 5 Password: ******
New UNIX password: ******
Retype new UNIX password: ******

All things go well, however, still have a password don't change, and I don't know
what this password is. And how to change it.
Still that user, I can't use 'ldappasswd'

user1]$ ldappasswd
SASL/GSSAPI authentication started
SASL username: user1@MYREALM.COM
SASL installing layers
New password: yPYNAgvO  <--- this changes frequently
Result: Internal (implementation specific) error (80)
Additional info: SASL(-7): invalid parameter supplied: Error putting OTP secret

I should emphasize that the user1 has two passwords, the first one can be changed with 'passwd' or 'kpasswd', the other I don't know how to access it, although this second password still works and it's can be used to login.

More information:

user1]$ passwd
Kerberos 5 Password: <--- type a wrong password and got following (only the first password works here)
Enter login(LDAP) password: <--- the second password works here
New UNIX password: ******
Retype new UNIX password: ******
LDAP password information update failed: Insufficient access

passwd: Permission denied

Best Regards.

Le Trung Kien.