[Freeipa-users] password resets - errors
Rob Crittenden
rcritten at redhat.com
Mon Sep 28 13:10:57 UTC 2015
Janelle wrote:
> Hello,
>
> I continue to see these a lot, but only on some servers. It causes a lot
> of confusions with my users. There must be a way to troubleshoot this
> and find the issue. Also, there is nothing wrong with the password
> policies. They are all set to default, and this occurs even when a
> user's password has expired. The only thing I can say is it tends to
> happen on more heavily loaded servers than lightly loaded ones. And
> perhaps the most important point - the password *IS* changed successfully!
>
> Changing password for user expired-user.
> Current Password:
> New password:
> Retype new password:
> Password change failed. Server message: Current password's minimum life
> has not expired
>
> Password not changed.
> passwd: Authentication token manipulation error
>
> Thoughts? Anything?
>
> ~Janelle
>
What tool is changing the expired password?
I'd be curious to see the password policy for the user, ipa
pwpolicy-show --user=<user>
Seeing the krbLastPwdChange and krbPasswordExpiration might be handy too.
rob
More information about the Freeipa-users
mailing list