Hi, following some advice I received here a few months back, I'm trying to get sssd set up for auth with a 389-ds backend. Almost everything works well, except for the ability to change expired passwords. When A user has an expired password, he/she is unable to change it. The exchange looks like: WARNING: Your password has expired. You must change your password now and login again! Changing password for user testacct2. Current Password: New password: Retype new password: Password change failed. Server message: Failed to update password passwd: Authentication token is no longer valid; new one required And the entry in /var/log/secure looks like: Jan 30 16:44:37 ldap01 passwd: pam_sss(passwd:chauthtok): User info message: Password change failed. Server message: Failed to update password Jan 30 16:44:37 ldap01 passwd: pam_sss(passwd:chauthtok): Password change failed for user testacct2: 12 (Authentication token is no longer valid; new one required) And the associated entry in /etc/pam.d/system-auth is: password sufficient pam_sss.so use_authtok I'm hoping that somebody else here has solved this problem. -- Mitch Patenaude _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
