Moving back to freeipa-users list.
Stephen Berg (Contractor, Code 7320) wrote:
On 11/06/2017 09:37 AM, Rob Crittenden wrote:
> Stephen Berg (Contractor, Code 7320) via FreeIPA-users wrote:
>> On 11/06/2017 08:02 AM, Stephen Berg (Contractor, Code 7320) via
>> FreeIPA-users wrote:
>>> Had a few users get kicked off a console session while changing their
>>> password. Seems there's a rather short timeout for this. Is the
>>> timeout a configuration that can be adjusted somewhere in IPA or
>>> possibly pam.d? I've been looking for it but haven't come across
>>> anything that looks likely so far.
>>>
>> Forgot to mention... Systems are running SciLinux 7.3 or 7.4 same as the
>> ipa servers.
>>
> Need more information.
>
> How are you changing the password? I'm assuming you mean logging into
> the console with an expired password but it isn't clear.
>
> What output are you getting?
>
> Was this configuring using ipa-client-install?
>
>
>
> rob
>
Switching to a console with Ctrl-Alt-F3, user with an expired password
logs in, gets told their password has expired and they need to change
it. The system asks for current password again, they type that, then
they type a new password twice to get it changed. The problem comes up
with a slow typist and partway through the process the console just
kicks them off and they're back at a login prompt. There's no error
message on the screen that I've been able to see, and I'm not seeing any
log entries to indicate a problem.
IIRC agetty handles console logins these days and I'm assuming that is
invoked by systemd-getty-generator. I'm not sure what knobs are
available to tune timeouts with these.
rob