[Freeipa-users] Force to change password in first login

cbulist at gmail.com cbulist at gmail.com
Tue Oct 8 18:32:51 UTC 2013


Thanks Rob and Rodney!

Your recommendations worked.



On 10/08/2013 12:53 PM, Rob Crittenden wrote:
> Rodney L. Mercer wrote:
>> I've used grub-md5-crypt to create a password for an openldap server and
>> used this format:
>> # grub-md5-crypt
>> Password:
>> Retype password:
>> $1$mGzMO1$zF/c9QxKV.ZZXwlvyR8UO1
>>
>> Here is the ldif that I used to modify the entry on the openldap server:
>>
>> #cat usermod.ldif
>> dn: uid=username,cn=users,cn=accounts,dc=example,dc=com
>> changetype: modify
>> replace: userPassword
>> userPassword: {crypt}$1$mGzMO1$zF/c9QxKV.ZZXwlvyR8UO1
>>
>>
>> I'm not sure if this will work for the directory server that IPA uses?
>>
>> Worth a shot I suppose.
> crypt will work. Or you can pass it in the clear and it will encrypt it 
> for you using the default password scheme, SSHA1 IIRC.
>
> rob
>
>> Rodney.
>>
>>
>>
>> On Tue, 2013-10-08 at 12:28 -0500, cbulist at gmail.com wrote:
>>> Rodney,
>>>
>>> Thanks!...I forgot it totally...
>>>
>>> Let me ask you about modifying the password using the ldapmodify command. I
>>> tried changing the userPassword attribute with {MD5} encryption and it did
>>> not work.
>>>
>>> ldapmodify -x -H ldap://ipaserver -D "cn=directory manager" -w
>>> 'password' <<EOF
>>> changetype: modify
>>> replace: userPassword
>>> userPassword: {MD5}QvdJref54ZW/R183pEyvyw==
>>> EOF
>>>
>>> Do I need to modify another attribute?...any clue?
>>>
>>> Thanks in advance!
>>>
>>>
>>>
>>> On 10/08/2013 12:07 PM, Rodney L. Mercer wrote:
>>>> I've used this to extend the password expiration. It "should" work for
>>>> setting an expired password expiration. You have to hit enter twice
>>>> after the krbPasswordExpiration: 20131008000000Z line.
>>>>
>>>> # ldapmodify -x -D 'cn=Directory Manager' -W
>>>>   Enter LDAP Password:
>>>>   dn: uid=username,cn=users,cn=accounts,dc=example,dc=com
>>>>   changetype: modify
>>>>   replace: krbPasswordExpiration
>>>>   krbPasswordExpiration: 20131008000000Z
>>>>
>>>>
>>>> modifying entry
>>>> "uid=username,cn=users,cn=accounts,dc=example,dc=com"
>>>>
>>>> ctrl-d
>>>>
>>>>
>>>>
>>>> On Tue, 2013-10-08 at 11:51 -0500, cbulist at gmail.com wrote:
>>>>> Hi All,
>>>>>
>>>>> I created a script to add users to freeipa using ldapadd command and it
>>>>> works great. Now I want to forcibly change the password in the first
>>>>> user login. What attribute do I have to change to accomplish this?
>>>>>
>>>>> Thanks!
>>>>>
>>>>> _______________________________________________
>>>>> Freeipa-users mailing list
>>>>> Freeipa-users at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
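
The two changes discussed in this thread (expiring the password via krbPasswordExpiration and, optionally, replacing userPassword with a {crypt} value) can be emitted as one LDIF record. The following is an added example, not code from any poster in the thread; the function name `force_change_ldif` and its argument order are hypothetical, and the DN layout is the one shown in the thread. It validates its inputs so that a uid read from a user list cannot inject extra LDIF lines.

```shell
#!/bin/sh
# Added example: build the LDIF that expires a user's password so the next
# login forces a change. Function name and arguments are hypothetical.
#
# force_change_ldif UID BASE_DN [EXPIRY] [CRYPT_HASH]
#   EXPIRY     GeneralizedTime (YYYYmmddHHMMSSZ); defaults to "now" in UTC.
#   CRYPT_HASH optional pre-hashed value in the {crypt}... form from the thread.
force_change_ldif() (
    LC_ALL=C
    uid=$1 base=$2 ts=${3:-$(date -u +%Y%m%d%H%M%SZ)} hash=${4:-}

    # Refuse anything that could alter the DN or inject extra LDIF lines.
    case $uid in ''|*[!A-Za-z0-9._-]*) echo "bad uid" >&2; return 1;; esac
    case $base in ''|*[!A-Za-z0-9=,.-]*) echo "bad base DN" >&2; return 1;; esac

    # GeneralizedTime: exactly 14 digits followed by Z.
    digits=${ts%Z}
    { [ "${#ts}" -eq 15 ] && [ "${#digits}" -eq 14 ]; } ||
        { echo "bad expiry" >&2; return 1; }
    case $digits in *[!0-9]*) echo "bad expiry" >&2; return 1;; esac

    # Validate the optional hash before printing anything, so a rejected
    # input never leaves a partial record on stdout.
    if [ -n "$hash" ]; then
        rest=${hash#\{crypt\}}
        [ "$rest" != "$hash" ] ||
            { echo "hash must start with {crypt}" >&2; return 1; }
        case $rest in ''|*[!A-Za-z0-9./\$]*) echo "bad hash" >&2; return 1;; esac
    fi

    printf 'dn: uid=%s,cn=users,cn=accounts,%s\n' "$uid" "$base"
    printf 'changetype: modify\n'
    if [ -n "$hash" ]; then
        # A line holding only "-" separates modifications within one record.
        printf 'replace: userPassword\nuserPassword: %s\n-\n' "$hash"
    fi
    # The trailing blank line terminates the LDIF record.
    printf 'replace: krbPasswordExpiration\nkrbPasswordExpiration: %s\n\n' "$ts"
)

# Usage (prompts for the bind password instead of putting it on the command line):
#   force_change_ldif username dc=example,dc=com | ldapmodify -x -D 'cn=Directory Manager' -W
```
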



