[Freeipa-users] password expiration

[Sandor Juhasz]

It is confirmed, the password policy was changed with password expiration beyond 2038. 
Question is, how can we restore the pw policy without a working admin user? 

Sándor Juhász 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Martin Kosek" <mkosek at redhat.com> 
To: "Tamas Papp" <tompos at martos.bme.hu>, freeipa-users at redhat.com 
Sent: Tuesday, June 2, 2015 9:54:43 AM 
Subject: Re: [Freeipa-users] password expiration 

On 06/01/2015 07:50 PM, Tamas Papp wrote: 
> hi All, 
> 
> I'm stuck: 
> 
> 
> $ kinit admin 
> Password for admin at CXCLIENTS: 
> kinit: Password incorrect while getting initial credentials 
> [root at ipa-clients1 ~]$ kinit admin 
> Password for admin at CXCLIENTS: 
> Password expired. You must change it now. 
> Enter new password: 
> Enter it again: 
> kinit: Password has expired while getting initial credentials 
> 
> 
> 
> 
> $ kinit admin 
> Password for admin at CXCLIENTS: 
> Password expired. You must change it now. 
> Enter new password: 
> Enter it again: 
> Password change rejected: Current password's minimum life has not expired 
> 
> Password not changed.. Please try again. 
> 
> Enter new password: 
> 
> 
> 
> 
> What can I do now? 
> 
> 
> Thanks, 
> tamas 
> 

Hi Tamas, 

What platform and FreeIPA version do you use? What actions did you do before 
this happened? Were you for example changing the (global) password policy? 
Setting a too high password life may case the Year 2038 problem and have 
password validity in the past. 

-- 
Manage your subscription for the Freeipa-users mailing list: 
https://www.redhat.com/mailman/listinfo/freeipa-users 
Go to http://freeipa.org for more info on the project 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150602/a0765ecf/attachment.htm>