[Freeipa-users] Password requirements too stringent
Jakub Hrozek
jhrozek at redhat.com
Wed Sep 19 06:56:42 UTC 2012
On Tue, Sep 18, 2012 at 09:43:48PM -0400, Tim Hildred wrote:
> So, commenting out:
> password requisite pam_cracklib.so try_first_pass retry=3 type= dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0 minlen=8
>
> Caused users updating their passwords using ssh to get:
>
> [ykatabam at ykatabam ~]$ ssh ykatabam at dns1.ecs-cloud.lab.eng.bne.redhat.com
> ykatabam at dns1.ecs-cloud.lab.eng.bne.redhat.com's password:
> Permission denied, please try again.
> ykatabam at dns1.ecs-cloud.lab.eng.bne.redhat.com's password:
> Password expired. Change your password now.
> Last login: Fri Sep 14 10:20:49 2012 from vpn1-48-53.bne.redhat.com
> WARNING: Your password has expired.
> You must change your password now and login again!
> Changing password for user ykatabam.
> Current Password:
> Password change failed. Server message: Password change failed
> passwd: Authentication token manipulation error
> Connection to dns1.ecs-cloud.lab.eng.bne.redhat.com closed.
>
> Is that to say that you need at least 1 password requisite? That instead of commenting out the password requisite pam_cracklib.so, I should have replaced it with something?
What did /var/log/secure have to say?
The message sounds to me like it's coming from the server..
More information about the Freeipa-users
mailing list