[Freeipa-users] user unable to change password after admin resets pw
Kelvin Edmison
kelvin at kindsight.net
Fri Feb 17 03:52:42 UTC 2012
I had sworn that I had faithfully followed the firewall configs, but this
was it; thanks! Off to tcpdump to see which port I missed.
Kelvin
On 12-02-16 10:21 PM, "Brian Topping" <topping at codehaus.org> wrote:
> Firewall issue? Maybe do a tcpdump on one of the machines while trying this?
>
> On Feb 16, 2012, at 10:10 PM, Kelvin Edmison wrote:
>
>> Hi all,
>>
>> I am trying to roll out ipa as our central authentication system, and am
>> running into problems with password changes on CentOS 5.
>>
>> Scenario:
>> Admin user resets a user's password.
>> The user, on a non-IPA-managed system, logs into a CentOS 5 server
>> (IPA-managed) via ssh. The temporary password is accepted and the user is
>> immediately prompted to change the password, but the password change fails
>> with the message 'System is offline, password change not possible'.
>>
>> $ ssh kelvin at testhost
>> kelvin at testhost's password:
>> Warning: Your password will expire in less than one hour.
>> Password expired. Change your password now.
>> Last login: Thu Feb 16 21:54:59 2012 from vpn
>> WARNING: Your password has expired.
>> You must change your password now and login again!
>> Changing password for user kelvin.
>> Current Password:
>> New UNIX password:
>> Retype new UNIX password:
>> System is offline, password change not possible
>> Warning: Your password will expire in less than one hour.
>> Warning: Your password will expire in less than one hour.
>> passwd: Authentication token manipulation error
>> Connection to testhost closed.
>>
>> What am I missing? Can someone please help me get this working?
>>
>> Thanks,
>> Kelvin
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
More information about the Freeipa-users
mailing list