[Freeipa-users] confusing users

Martin Kosek mkosek at redhat.com
Wed Oct 10 06:28:55 UTC 2012 

RHEL6 is quite a broad specification :-) There are 3 additional minor numbers
and the fourth is coming.

But as Simo suggested in this thread, this issue should be fixed in next RHEL
release. I could not reproduce in Fedora too, you can check my ssh outputs
below - a reason why the new password is rejected is returned to user.

Martin

On 10/09/2012 09:44 PM, Steven Jones wrote:
> Hi,
> 
> The user was on ssh.
> 
> RHEL6 64bit.
> 
> 
> 
> regards
> 
> Steven Jones
> 
> Technical Specialist - Linux RHCE
> 
> Victoria University, Wellington, NZ
> 
> 0064 4 463 6272
> 
> ________________________________________
> From: Martin Kosek [mkosek at redhat.com]
> Sent: Tuesday, 9 October 2012 7:54 p.m.
> To: Steven Jones
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] confusing users
> 
> On 10/09/2012 12:59 AM, Steven Jones wrote:
>> Hi,
>>
>> When a user logs in for the first time nad they have to set a new password, if
>> it doesnt meet the passowrd standard/policy it fails with a "authentication
>> token manipulation error" is it possible to get that changed so it says
>> "password does not meet policy"?
>>
>>
>> regards
>>
>> Steven Jones
>>
>> Technical Specialist - Linux RHCE
>>
>> Victoria University, Wellington, NZ
>>
>> 0064 4 463 6272
>>
> 
> Hello Steven,
> 
> what service did you use to log in (package versions may help too)? When I
> tried ssh-ing a new user or login via login terminal, I got an explaining error
> message:
> 
> 1) PAM prevented the change
> 
> # ssh fbar at ipa.example.com
> fbar at ipa.example.com's password:
> Password expired. Change your password now.
> Last login: Tue Oct  9 02:44:19 2012 from 10.0.0.1
> WARNING: Your password has expired.
> You must change your password now and login again!
> Changing password for user fbar.
> Current Password:
> New password:
> BAD PASSWORD: The password is shorter than 8 characters
> New password:
> BAD PASSWORD: The password fails the dictionary check - it is based on a
> dictionary word
> New password:
> Retype new password: Connection to ipa.example.com closed.
> 
> 2) IPA pwpolicy prevented the chgange
> 
> # ssh fbar at ipa.example.com
> fbar at ipa.example.com's password:
> Password expired. Change your password now.
> Last login: Tue Oct  9 02:44:31 2012 from 10.0.0.1
> WARNING: Your password has expired.
> You must change your password now and login again!
> Changing password for user fbar.
> Current Password:
> New password:
> Retype new password:
> Password change failed. Server message: Password does not contain enough
> character classes
> 
> Password not changed.
> passwd: Authentication token manipulation error
> Connection to ipa.example.com closed.
> 
> Martin
> 
>

More information about the Freeipa-users mailing list