[Freeipa-users] confusing users

Steven Jones Steven.Jones at vuw.ac.nz
Tue Oct 9 19:44:44 UTC 2012 

Hi,

The user was on ssh.

RHEL6 64bit.



regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: Martin Kosek [mkosek at redhat.com]
Sent: Tuesday, 9 October 2012 7:54 p.m.
To: Steven Jones
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] confusing users

On 10/09/2012 12:59 AM, Steven Jones wrote:
> Hi,
>
> When a user logs in for the first time nad they have to set a new password, if
> it doesnt meet the passowrd standard/policy it fails with a "authentication
> token manipulation error" is it possible to get that changed so it says
> "password does not meet policy"?
>
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>

Hello Steven,

what service did you use to log in (package versions may help too)? When I
tried ssh-ing a new user or login via login terminal, I got an explaining error
message:

1) PAM prevented the change

# ssh fbar at ipa.example.com
fbar at ipa.example.com's password:
Password expired. Change your password now.
Last login: Tue Oct  9 02:44:19 2012 from 10.0.0.1
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user fbar.
Current Password:
New password:
BAD PASSWORD: The password is shorter than 8 characters
New password:
BAD PASSWORD: The password fails the dictionary check - it is based on a
dictionary word
New password:
Retype new password: Connection to ipa.example.com closed.

2) IPA pwpolicy prevented the chgange

# ssh fbar at ipa.example.com
fbar at ipa.example.com's password:
Password expired. Change your password now.
Last login: Tue Oct  9 02:44:31 2012 from 10.0.0.1
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user fbar.
Current Password:
New password:
Retype new password:
Password change failed. Server message: Password does not contain enough
character classes

Password not changed.
passwd: Authentication token manipulation error
Connection to ipa.example.com closed.

Martin

More information about the Freeipa-users mailing list