[Freeipa-users] logging on via ssh using a new account that has an expired password fails
Rob Crittenden
rcritten at redhat.com
Thu Sep 18 12:56:23 UTC 2008
Ivan Levchenko wrote:
> Hi All,
>
> I'm starting to deploy this my IPA setup one system at a time, and I
> just came into one other issue:
>
> I added the host principle for hostname, I can login in using
> existing ipa accounts via ssh fine.
>
> BUT, I just created a new account for a user, and gave him the login
> details. He logs in remotely through a vpn connection (does not have
> any kerberos install or something like that).
>
> and when he ties to log in he gets an auth, failure. this is going on
> at the ipa client:
> Sep 18 04:29:02 svn sshd[31766]: pam_krb5[31766]: authentication fails
> for 'user' (user at REALTOOLSTECH.COM): Authentication failure (Password
> change failed)
> Sep 18 04:29:04 svn sshd[31766]: Failed password for user from
> 192.168.0.112 port 33131 ssh2
>
> How can ssh change the password for this user?
See this:
http://freeipa.org/page/AdministratorsGuide#Using_Password_Authentication
Basically, set ChallengeResponseAuthentication to "yes" in
/etc/sshd/sshd_config
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20080918/d190ee70/attachment.bin>
More information about the Freeipa-users
mailing list