[Freeipa-users] Mountain Lion GUI Login

[KodaK]

On Tue, Aug 6, 2013 at 4:31 PM, Davis Goodman
<davis.goodman at digital-district.ca> wrote:
> Hi,
>
> I have an FreeIPA server configured, managed to configure a Mountain Lion Client for automounts and user logins.
>
> My issue is that whenever I first login with a user the "New Password" box shows up and even if I try to change the password the box keeps reappearing without any success.
>
> If I log onto the machine with the local admin user and try to get a ticket for this user I get a "New Password" prompt. From there I can change the password and I get a ticket without an issue. After that I can login through the GUI without being asked for a new password.
>
> Anyone has seen this behaviour before?

That's the expected behavior.  When you set the user's password as an
admin, it sets the "force a password change" flag.

I don't know anything aobut OSX, but there may be a way to configure
the login GUI to deal with the password change correctly.

Failing that, you can use a web based password change utility and let
users do self service, or if you don't want that you can set up a
special password administrator you can use that when it sets passwords
it doesn't force a change (bad idea.)

For setting up either, you need to do this:

http://www.freeipa.org/page/PasswordSynchronization

for the password change user.

This is the web based password change utility I chose to use, but
there are others -- or you can roll your own:

http://ltb-project.org/wiki/documentation/self-service-password

--Jason

-- 
The government is going to read our mail anyway, might as well make it
tough for them.  GPG Public key ID:  B6A1A7C6