Hi
I have been unable to reliably recreate this issue. I can however with 95% certainty say
that it revolves around the setting "User must change password after Reset"
There is a specific sequence in applying this and the password policy that will break the
ability on a client to change his/her password.
I am continuing to test but are secretely hoping someone else has run into a similar
problem. Googling the error has suggested a miconfigured pam. I do not believe that PAM is
at fault here as I have been using the same client without config changes and the
behaviour is different depending on how the auth server was configured.
Regards
________________________________________
From: 389-users-bounces(a)lists.fedoraproject.org
[389-users-bounces(a)lists.fedoraproject.org] on behalf of Gerrard Geldenhuis
[Gerrard.Geldenhuis(a)betfair.com]
Sent: 27 September 2010 17:26
To: 389-users(a)lists.fedoraproject.org
Subject: [389-users] Not allowed to change password once it has expired
Hi
I am in the midsts of debugging this but am hoping anyone can shed some light on the issue
or point me in the right direction.
A certain combination of changes to the global password policy seems to break the abbility
to change a user's password.
user1(a)client01.example's password:
You are required to change your LDAP password immediately.
Last login: Mon Sep 27 16:06:18 2010 from 10.5.11.115
Connection to client01.example closed.
When it works it looks like:
ssh client01 -l user1
user1@client01's password:
You are required to change your LDAP password immediately.
Creating directory '/home/user1'.
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user user1
Enter login(LDAP) password:
Connection to client01 closed.
Settings that we have toggled in the global password policy is:
Enable fine-grained password policy
User must change password after reset
Allow changes in x days
We don't change anything on the client so I am 99% sure its not a a pam
misconfiguration.
Best Regards
________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.
________________________________________________________________________
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.
________________________________________________________________________