On 11/06/2017 10:21 AM, Rob Crittenden wrote:
That may be it. Looks like agetty uses login, so that is configured by
/etc/login.defs and there is a timeout option for that. I'll have to
wait for the next slow typist with an expired password to get a real
test though. Thanks.
Moving back to freeipa-users list.
Stephen Berg (Contractor, Code 7320) wrote:
On 11/06/2017 09:37 AM, Rob Crittenden wrote:
Stephen Berg (Contractor, Code 7320) via FreeIPA-users wrote:
On 11/06/2017 08:02 AM, Stephen Berg (Contractor, Code 7320) via
Had a few users get kicked off a console session while changing their
password. Seems there's a rather short timeout for this. Is the
timeout a configuration that can be adjusted somewhere in IPA or
possibly pam.d? I've been looking for it but haven't come across
anything that looks likely so far.
Forgot to mention... Systems are running SciLinux 7.3 or 7.4 same as the
Need more information.
How are you changing the password? I'm assuming you mean logging into
the console with an expired password but it isn't clear.
What output are you getting?
Was this configuring using ipa-client-install?
Switching to a console with Ctrl-Alt-F3, user with an expired password
logs in, gets told their password has expired and they need to change
it. The system asks for current password again, they type that, then
they type a new password twice to get it changed. The problem comes up
with a slow typist and partway through the process the console just
kicks them off and they're back at a login prompt. There's no error
message on the screen that I've been able to see, and I'm not seeing any
log entries to indicate a problem.
IIRC agetty handles console logins these days and I'm assuming that is
invoked by systemd-getty-generator. I'm not sure what knobs are
available to tune timeouts with these.
NRL Code: 7320
FreeIPA-users mailing list -- email@example.com
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org