On 2024-09-23 13:15:47, Sumit Bose via FreeIPA-users wrote:
by default SSSD tries to do online authentication as long as SSSD is online, i.e. can reach the server. This behavior can be changed with the `cached_auth_timeout` option which allows SSSD to used the stored password hash for authentication for the time given with the option, see man sssd.conf for details. Did you, by chance, use this option in sssd.conf?
No, cached_auth_timeout is not set. I am not sure if it is relevant here, since the user cannot login using his new password. The cached_auth_timeout seems to be important *after* login for reauthen- tication. Regards Harri -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
