<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 04/27/2015 01:08 PM, Tony Izzo
wrote:<br>
</div>
<blockquote
cite="mid:CAKcjUv6ZrLdMwBSHtVsndVraMsr=z=wBCjwX=gzo7FTL9B0qCw@mail.gmail.com"
type="cite">
<div dir="ltr">I'm currently experimenting with Red Had Identity
Management 6.0,</div>
</blockquote>
<br>
This version does not make sense. Did you mean 7.0?<br>
<br>
<blockquote
cite="mid:CAKcjUv6ZrLdMwBSHtVsndVraMsr=z=wBCjwX=gzo7FTL9B0qCw@mail.gmail.com"
type="cite">
<div dir="ltr"> and I've noticed that when I create a user, and
have them change their password using the "passwd" command, the
password is changed in IdM, but the password expiration date is
not updated, so that their password remains expired.</div>
</blockquote>
<br>
Are you sure that the password is actually changed in the central
server?<br>
How does your PAM stack look like?<br>
Do you use SSSD?<br>
<br>
<blockquote
cite="mid:CAKcjUv6ZrLdMwBSHtVsndVraMsr=z=wBCjwX=gzo7FTL9B0qCw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Furthermore, the "expired" state of the password only seems
to apply to logging into the IdM Web UI (these users are
members of the "admins" group); users are able to log into any
RHEL machine configured as an IdM client, using their updated
password, even though the password is supposedly expired.</div>
</div>
</blockquote>
<br>
Are you sure you do not have an overlapping local user?<br>
<br>
<br>
<blockquote
cite="mid:CAKcjUv6ZrLdMwBSHtVsndVraMsr=z=wBCjwX=gzo7FTL9B0qCw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Any advice on what I'm doing wrong? Is the passwd command
a valid way for a user to update their own password? Thanks.</div>
</div>
</blockquote>
<br>
If this is the consistent behavior then I suggest you look at the
server logs and see what is going on on the KDC and LDAP side at the
moment of the password change.<br>
See the troubleshooting guide on the IPA wiki for more hints. <br>
<br>
<blockquote
cite="mid:CAKcjUv6ZrLdMwBSHtVsndVraMsr=z=wBCjwX=gzo7FTL9B0qCw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Tony</div>
<div><br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>