[Freeipa-users] Lost access after password policy change
Jason Woods
devel at jasonwoods.me.uk
Mon Sep 15 13:48:18 UTC 2014
Hi all,
I wonder if anyone has any advice. We changed password policy to 20000 days a few weeks ago.
Over the weekend, passwords expired and now we cannot login. All admin accounts are essentially unusable.
Seems to be this issue: https://fedorahosted.org/freeipa/ticket/3312
Any ideas how to get the admin accounts working again? We can't even login to reverse the password policy change.
When we attempt to use the commands we get:
ipa: ERROR: did not receive Kerberos credentials
Of course, we can't kinit. Fortunately, it's only a small network of machines, so it's fairly humorous. We'd rather not have to rebuild though or recover backups.
I presume we just need to somehow get into LDAP without authentication and force change policy.
Thanks,
Jason
More information about the Freeipa-users
mailing list