[Freeipa-users] Change Password problems (Unsupported Version)
Jakub Hrozek
jhrozek at redhat.com
Wed Sep 28 19:38:33 UTC 2011
On Wed, Sep 28, 2011 at 01:59:36PM -0400, Nalin Dahyabhai wrote:
> On Wed, Sep 28, 2011 at 02:49:02PM +0800, Goff, Raal wrote:
> > The only difference I know about is that the users who CAN change their passwords have not got an expired password (so they can login and use kpasswd from the shell), whereas those who CANNOT change their password need to reset it before logging in (i.e., they get the 'your password has expired, reset it now etc etc). I updated the kerberos libraries/tools on the CentOS 6.0 box using the Continuous Release repository, and then edited the ldap configuration to get around https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=713525 and users can now reset their passwords on that box during login and on the shell (kpasswd). I'm not sure which of these actually fixed the problem (if any).
>
> Ah, somehow I'd missed that you were running 6.0. If your client
> systems are using pam_krb5 instead of SSSD, then you're likely hitting
> https://bugzilla.redhat.com/show_bug.cgi?id=690583, which was fixed in
> 6.1.
>
He said he was updating the passwords with kpasswd, which should bypass
the pam stack and talk to the kpasswd deamon directly, right?
More information about the Freeipa-users
mailing list