[Freeipa-users] Password expiration not updated with password change

Dmitri Pal dpal at redhat.com
Mon Apr 27 19:26:51 UTC 2015


On 04/27/2015 01:08 PM, Tony Izzo wrote:
> I'm currently experimenting with Red Hat Identity Management 6.0,

This version does not make sense. Did you mean 7.0?

> and I've noticed that when I create a user, and have them change their 
> password using the "passwd" command, the password is changed in IdM, 
> but the password expiration date is not updated, so that their 
> password remains expired.

Are you sure that the password is actually changed in the central server?
What does your PAM stack look like?
Do you use SSSD?

>
> Furthermore, the "expired" state of the password only seems to apply 
> to logging into the IdM Web UI (these users are members of the 
> "admins" group); users are able to log into any RHEL machine 
> configured as an IdM client, using their updated password, even though 
> the password is supposedly expired.

Are you sure you do not have an overlapping local user?


>
> Any advice on what I'm doing wrong?  Is the passwd command a valid way 
> for a user to update their own password?  Thanks.

If this is the consistent behavior then I suggest you look at the server 
logs and see what is going on on the KDC and LDAP side at the moment of 
the password change.
See the troubleshooting guide on the IPA wiki for more hints.

>
> Tony
>
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
