[Freeipa-users] Force IPA to accept password?
Martin Kosek
mkosek at redhat.com
Fri Sep 27 08:27:30 UTC 2013
On 09/27/2013 09:31 AM, Innes, Duncan wrote:
>
>
>> -----Original Message-----
>> From: freeipa-users-bounces at redhat.com
>> [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Sumit Bose
>> Sent: 26 September 2013 17:36
>> To: freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] Force IPA to accept password?
...
>> Which command did you use to change the password? 'passwd' or
>> 'ipa passwd'?
>>
>> If you use 'passwd' the PAM stack on the client for the
>> passwd command comes into play which typically has some
>> modules like pam_pwquality.so listed which do checks
>> including dictionary checks.
>>
>> If you use 'ipa passwd' the password should be only validated
>> against the server-side password policy Martin mentioned above.
>
> Sumit, yes - I used 'passwd'. I'll look into using 'ipa passwd' in
> about
> 3 months time :-)
Eh, ok :-) BTW, you could also standard kpasswd, it should also avoid modules
like pam_pwquality.so and only use the server policy.
Martin
More information about the Freeipa-users
mailing list