[Freeipa-users] pam settings for changing password under FreeIPA
Simo Sorce
ssorce at redhat.com
Fri Oct 24 14:00:50 UTC 2008
On Fri, 2008-10-24 at 14:36 +0100, Nick Gresham wrote:
> So this is a big improvement, but I am still concerned that it may be
> too confusing for our user base, in that they would have to enter the
> 'old' (i.e. expired) password twice (once at the initial "Password"
> prompt and then again after the warnings at the "Kerberos 5 Password"
> prompt) before getting to 'New UNIX password' and the actual password
> change.
This is just a matter of configuration of the pam_stack, you want to
probably always attempt first a kerberos password change and a unix
password change only if it fails, as the default case for you is users
coming from IPA not local users.
Simo.
More information about the Freeipa-users
mailing list