Not allowed to change password once it has expired

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi
I have been unable to reliably recreate this issue. I can however with 95% certainty say that it revolves around the setting "User must change password after Reset"

There is a specific sequence in applying this and the password policy that will break the ability on a client to change his/her password.

I am continuing to test but are secretely hoping someone else has run into a similar problem. Googling the error has suggested a miconfigured pam. I do not believe that PAM is at fault here as I have been using the same client without config changes and the behaviour is different depending on how the auth server was configured.

Regards

________________________________________
From: 389-users-bounces at lists.fedoraproject.org [389-users-bounces at lists.fedoraproject.org] on behalf of Gerrard Geldenhuis [Gerrard.Geldenhuis at betfair.com]
Sent: 27 September 2010 17:26
To: 389-users at lists.fedoraproject.org
Subject: Not allowed to change password once it has expired

Hi
I am in the midsts of debugging this but am hoping anyone can shed some light on the issue or point me in the right direction.

A certain combination of changes to the global password policy seems to break the abbility to change a user's password.

user1 at client01.example's password:
You are required to change your LDAP password immediately.
Last login: Mon Sep 27 16:06:18 2010 from 10.5.11.115
Connection to client01.example closed.

When it works it looks like:
 ssh client01 -l user1
user1 at client01's password:
You are required to change your LDAP password immediately.
Creating directory '/home/user1'.
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user user1
Enter login(LDAP) password:
Connection to client01 closed.

Settings that we have toggled in the global password policy is:
Enable fine-grained password policy
User must change password after reset
Allow changes in x days


We don't change anything on the client so I am 99% sure its not a a pam misconfiguration.

Best Regards

________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.

________________________________________________________________________
--
389 users mailing list
389-users at lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from 
MessageLabs to scan all Incoming and Outgoing mail for viruses.

________________________________________________________________________
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux