[Freeipa-users] Inconsistant first login behaviour

Dmitri Pal dpal at redhat.com
Wed Jun 8 20:56:05 UTC 2011 

On 06/08/2011 04:04 PM, Steven Jones wrote:
> Hi,
>
> Can you fix 5.6 so it runs the ipa-client-install script the same way then please? because running the same command giving differing results seems strange....unless you are telling me its simply the way rhel5.6 will work?

Well the problem is that SSSD is not in 5.6 by default. ipa-client on
5.6 configures LDAP+Kerberos. In fedora there is SSSD and it is
configured. In 5.7 there will be a new ipa-client that will act in the
same way as in RHEL 6 or Fedora.

But the expectation is that they should act in the same way now. But
apparently there is some difference.

We need to understand exactly what is your use case.
What is configured in your nsswitch and pam config on RHEL and Fedora?
And if in one case it is SSSD and not in the other we need to see SSSD
configuration and LDAP and Kerberos configuration files.


> regards
>
> Steven
> ________________________________________
> From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Dmitri Pal [dpal at redhat.com]
> Sent: Thursday, 9 June 2011 5:00 a.m.
> To: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Inconsistant first login behaviour
>
> On 06/07/2011 10:36 PM, Steven Jones wrote:
>> Logging into the F15 client and I just login with the ldap password...
>>
>> If I try the same thing with RHEL5.6 I get told I have one hour to password expiry....
>>
>> I'd like it to do one or other across platforms....and be able to set this behaviour, per user....or not at all.
>>
> This is probably because in one case you log using LDAP password and in
> another as Kerberos credential. The underlying password string is the
> same but other properties like expiration are different as you see.
> To have the consistent experience configure both systems to use same
> type of the credential.
>
>
>> regards
>>
>> Steven
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IPA project,
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

More information about the Freeipa-users mailing list