FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 09-27-2010, 04:26 PM
Gerrard Geldenhuis
 
Default Not allowed to change password once it has expired

Hi
I am in the midsts of debugging this but am hoping anyone can shed some light on the issue or point me in the right direction.

A certain combination of changes to the global password policy seems to break the abbility to change a user's password.

user1@client01.example's password:
You are required to change your LDAP password immediately.
Last login: Mon Sep 27 16:06:18 2010 from 10.5.11.115
Connection to client01.example closed.

When it works it looks like:
ssh client01 -l user1
user1@client01's password:
You are required to change your LDAP password immediately.
Creating directory '/home/user1'.
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user user1
Enter login(LDAP) password:
Connection to client01 closed.

Settings that we have toggled in the global password policy is:
Enable fine-grained password policy
User must change password after reset
Allow changes in x days


We don't change anything on the client so I am 99% sure its not a a pam misconfiguration.

Best Regards

__________________________________________________ ______________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.

__________________________________________________ ______________________
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 09-28-2010, 12:43 PM
Gerrard Geldenhuis
 
Default Not allowed to change password once it has expired

Hi
I have been unable to reliably recreate this issue. I can however with 95% certainty say that it revolves around the setting "User must change password after Reset"

There is a specific sequence in applying this and the password policy that will break the ability on a client to change his/her password.

I am continuing to test but are secretely hoping someone else has run into a similar problem. Googling the error has suggested a miconfigured pam. I do not believe that PAM is at fault here as I have been using the same client without config changes and the behaviour is different depending on how the auth server was configured.

Regards

________________________________________
From: 389-users-bounces@lists.fedoraproject.org [389-users-bounces@lists.fedoraproject.org] on behalf of Gerrard Geldenhuis [Gerrard.Geldenhuis@betfair.com]
Sent: 27 September 2010 17:26
To: 389-users@lists.fedoraproject.org
Subject: [389-users] Not allowed to change password once it has expired

Hi
I am in the midsts of debugging this but am hoping anyone can shed some light on the issue or point me in the right direction.

A certain combination of changes to the global password policy seems to break the abbility to change a user's password.

user1@client01.example's password:
You are required to change your LDAP password immediately.
Last login: Mon Sep 27 16:06:18 2010 from 10.5.11.115
Connection to client01.example closed.

When it works it looks like:
ssh client01 -l user1
user1@client01's password:
You are required to change your LDAP password immediately.
Creating directory '/home/user1'.
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user user1
Enter login(LDAP) password:
Connection to client01 closed.

Settings that we have toggled in the global password policy is:
Enable fine-grained password policy
User must change password after reset
Allow changes in x days


We don't change anything on the client so I am 99% sure its not a a pam misconfiguration.

Best Regards

__________________________________________________ ______________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.

__________________________________________________ ______________________
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

__________________________________________________ ______________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.

__________________________________________________ ______________________
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 07:46 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org