[Freeipa-users] kinit - gui
Hebert, Henry
henry.hebert at roche.com
Thu Aug 1 20:43:04 UTC 2013
My user is in the admins group however not in the "trust admins"
Group name: admins
Description: Account administrators group
GID: 988200000
Member users: admin, XXXXXXXXX, hhebertXXX
Member of HBAC rule: hostname
Group name: trust admins
Description: Trusts administrators group
Member users: admin
I ran the above command to the same results.
[hhebertXXX at hostname ~]$ ipa user-unlock admin
ipa: ERROR: did not receive Kerberos credentials
I am asking the installer about the DM password.
Again thx for all your help.
Henry
On Thu, Aug 1, 2013 at 4:24 PM, Rob Crittenden <rcritten at redhat.com> wrote:
> Hebert, Henry wrote:
>
>> Aha! See Max failures below...
>>
>> [root at hostname ~]# ipa pwpolicy-show --user=admin
>> Group: global_policy
>> Max lifetime (days): 365
>> Min lifetime (hours): 1
>> History size: 1
>> Character classes: 1
>> Min length: 8
>> Max failures: 12
>> Failure reset interval: 0
>> Lockout duration: 0
>>
>> is there a command like pam_tally2 for ipa to reset the number of failed
>> logins?
>>
>
> ipa user-unlock <user>
>
> You need to be in the admins group to execute this. The account is
> permanently lock (until unlocked) because the lockout duration is 0,
> meaning forever.
>
> If you have the DM password we can use that account to unlock admin if you
> have no other users in the admins group.
>
> rob
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130801/c00ade66/attachment.htm>
More information about the Freeipa-users
mailing list