[Freeipa-users] User's Cannot Reset Expire Passwords Without Password Being Reset First in WebUI
Simo Sorce
simo at redhat.com
Thu Jan 3 15:31:46 UTC 2013
On Wed, 2013-01-02 at 17:47 -0500, Chris Natter wrote:
> Hello,
>
> My users are running into a bit of a problem with password expiry and
> the reset prompts.
>
> When they attempt to reset their password they end up recieving access
> denied messages after going through the prompts to reset their
> password
> and entering their new desired passwords.
>
> The interesting thing is that if I reset the password via the Web UI
> to anything,
> and then have the user try again with the new password, they are able
> to
> successfully reset their password with no issues.
>
> Log snippets are below, I've sanitized them so the user in question is
> 'juser'.
>
> Any help or guidance would be very appreciated. Thank you!
>
>
They are probably failing to meet password policies but sshd is not
using pam conversations.
Set ChallengeResponseAuthentication yes in sshd_config, this should
allow conversations and proper errors to show up.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list