[Freeipa-users] confusing users
Martin Kosek
mkosek at redhat.com
Tue Oct 9 06:54:11 UTC 2012
On 10/09/2012 12:59 AM, Steven Jones wrote:
> Hi,
>
> When a user logs in for the first time nad they have to set a new password, if
> it doesnt meet the passowrd standard/policy it fails with a "authentication
> token manipulation error" is it possible to get that changed so it says
> "password does not meet policy"?
>
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
Hello Steven,
what service did you use to log in (package versions may help too)? When I
tried ssh-ing a new user or login via login terminal, I got an explaining error
message:
1) PAM prevented the change
# ssh fbar at ipa.example.com
fbar at ipa.example.com's password:
Password expired. Change your password now.
Last login: Tue Oct 9 02:44:19 2012 from 10.0.0.1
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user fbar.
Current Password:
New password:
BAD PASSWORD: The password is shorter than 8 characters
New password:
BAD PASSWORD: The password fails the dictionary check - it is based on a
dictionary word
New password:
Retype new password: Connection to ipa.example.com closed.
2) IPA pwpolicy prevented the chgange
# ssh fbar at ipa.example.com
fbar at ipa.example.com's password:
Password expired. Change your password now.
Last login: Tue Oct 9 02:44:31 2012 from 10.0.0.1
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user fbar.
Current Password:
New password:
Retype new password:
Password change failed. Server message: Password does not contain enough
character classes
Password not changed.
passwd: Authentication token manipulation error
Connection to ipa.example.com closed.
Martin
More information about the Freeipa-users
mailing list