On 11/06/2017 10:21 AM, Rob Crittenden wrote:
Moving back to freeipa-users list.

Stephen Berg (Contractor, Code 7320) wrote:
On 11/06/2017 09:37 AM, Rob Crittenden wrote:
Stephen Berg (Contractor, Code 7320) via FreeIPA-users wrote:
On 11/06/2017 08:02 AM, Stephen Berg (Contractor, Code 7320) via
FreeIPA-users wrote:
Had a few users get kicked off a console session while changing their
password.  Seems there's a rather short timeout for this.  Is the
timeout a configuration that can be adjusted somewhere in IPA or
possibly pam.d?  I've been looking for it but haven't come across
anything that looks likely so far.

Forgot to mention... Systems are running SciLinux 7.3 or 7.4 same as the
ipa servers.

Need more information.

How are you changing the password? I'm assuming you mean logging into
the console with an expired password but it isn't clear.

What output are you getting?

Was this configuring using ipa-client-install?



rob

Switching to a console with Ctrl-Alt-F3, user with an expired password
logs in, gets told their password has expired and they need to change
it.  The system asks for current password again, they type that, then
they type a new password twice to get it changed.  The problem comes up
with a slow typist and partway through the process the console just
kicks them off and they're back at a login prompt. There's no error
message on the screen that I've been able to see, and I'm not seeing any
log entries to indicate a problem.

IIRC agetty handles console logins these days and I'm assuming that is
invoked by systemd-getty-generator. I'm not sure what knobs are
available to tune timeouts with these.

rob

That may be it. Looks like agetty uses login, so that is configured by /etc/login.defs and there is a timeout option for that.  I'll have to wait for the next slow typist with an expired password to get a real test though.  Thanks.


--

--
*Stephen Berg*
Systems Administrator
NRL Code: 7320
Office: 228-688-5738
stephen.berg....@nrlssc.navy.mil
NRL Logo
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
  • [Freeipa-users] pas... Stephen Berg (Contractor, Code 7320) via FreeIPA-users
    • [Freeipa-users... Stephen Berg (Contractor, Code 7320) via FreeIPA-users
      • [Freeipa-u... Rob Crittenden via FreeIPA-users
        • [Freei... Rob Crittenden via FreeIPA-users
          • [F... Stephen Berg (Contractor, Code 7320) via FreeIPA-users
            • ... Rob Crittenden via FreeIPA-users

Reply via email to