<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 03/07/2013 11:47 PM, Tim Hildred wrote:
<blockquote
cite="mid:310055560.42963518.1362718022996.JavaMail.root@redhat.com"
type="cite">
<pre wrap="">Hello,
I have been using IPA for authentication with a RHEV environment.
Quite a while ago, I got help from this list in making it so that my users could access the WebUI with their login and passwords, no Kerberos ticket required. I also had it working that when their passwords expired, they would ssh to the IPA server as themselves, get challenged for their current password, and then the opportunity to provide a new one.
The update to ipa-server 3.0.0-25.el6 means that I can no longer log into the WebUI with just a login and password (see attached screenshot) and that users who try and update expired passwords get:
You must change your password now and login again!
Changing password for user juwu.
Current Password:
New password:
Retype new password:
Password change failed. Server message: Password not changed.</pre>
</blockquote>
<br>
It seems that password might have not matched the server policy.<br>
Have you tried different users and different passwords?<br>
<br>
What does kerberos log on the server show? It will give you some
hint about the reason why the password was rejected.<br>
It might be that the password you are trying to use already in the
history of passwords. AFAIR there was a bug that we did not handle
history of passwords properly in some cases. Now as it is fixed you
might see a proper policy enforcement.<br>
<br>
<blockquote
cite="mid:310055560.42963518.1362718022996.JavaMail.root@redhat.com"
type="cite">
<pre wrap="">
Insufficient access to perform requested operation while trying to change password.
passwd: Authentication token manipulation error
Connection to dns1.ecs-cloud.lab.eng.bne.redhat.com closed.
Can anyone help me restore that functionality? Please?
Tim Hildred, RHCE
Content Author II - Engineering Content Services, Red Hat, Inc.
Brisbane, Australia
Email: <a class="moz-txt-link-abbreviated" href="mailto:thildred@redhat.com">thildred@redhat.com</a>
Internal: 8588287
Mobile: +61 4 666 25242
IRC: thildred
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
</pre>
</body>
</html>