On 04/15/2018 09:26 PM, TomK via FreeIPA-users wrote:
Hey Guy's,

Not 'really' an issue but curious about the logic behind this scenario.

I get a message saying "Your password expires in 4 days." So I go to change it for the admin user (I'm reusing the same pass) and type it in but then get this message:

IPA Error 4203: DatabaseError

Constraint violation: Too soon to change password.

I do have a replica but no errors in the log (grep -Ei error /var/log/ipa/* yields no results on both nodes).

So then why the message? Shouldn't it be perfectly legit to change the pass before it's expiration? Would like to be able to change it because in 4 days it won't be very convenient for me to do so.
I don't know your password policy settings. But there is a passwordMinAge. It is useful in combination with password history. If you want to prevent a user to reuse a password, it will prevent users to change their password 10 times in a sequence and use the first password again

Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to