On pe, 24 marras 2017, Sumit Bose via FreeIPA-users wrote:
On Fri, Nov 24, 2017 at 04:57:01PM +1300, Aaron Hicks via FreeIPA-users wrote:
Hello the list,



It's here:
https://pagure.io/SSSD/sssd/blob/master/f/src/providers/ipa/ipa_auth.c#_395



SSSD is not doing its job properly when a user has an expired password and
an OTP token, and they should reset their password at the ssh prompt.

Yes, SSSD does no behave well with OTP and an expired password and I
agree with you analysis below. The area of code you mentioned above is
not related because it is a special path only used during password
migration (user was migrated from LDAP with the LDAP password hash but
no Kerberos keys).

Would you mind to open a ticket on https://pagure.io/SSSD/sssd/issues
for this?
https://pagure.io/SSSD/sssd/issue/3585

--
/ Alexander Bokovoy
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to