Jenny Galipeau wrote:


Michael Kang wrote:
Dear FreeIPA community,

I successfully installed FreeIPA this morning. Now I got a problem about Kerberos Authentication. New user cannot modify their password in shell.
Hi Michael:
Did you set the new user's initial password?
kinit admin
ipa passwd haha
Thanks
Jenny
Also kinit as haha, because haha will be asked to change the password on first authentication.
Thanks
Jenny

I added a new user named /haha(group: ipauser)/ based on the webUI. This user is not a existed system user. Then I added a new Delegations(allow people in group ipauser can modify password for group ipauser) .

    /[mich...@freeipa Desktop]$ su - haha/
    /Password: /

    /Warning: Your password will expire in less than one hour./
    /Warning: password has expired./
    /Kerberos 5 Password: /
    /Warning: Your password will expire in less than one hour./
    /New UNIX password: /
    /Retype new UNIX password: /
    /su: incorrect password/
    /[mich...@freeipa Desktop]$ su - root/
    /Password: /
    /[r...@freeipa ~]# su - haha/
    /su: warning: cannot change directory to /home/haha: No such file
    or directory/
    /-sh-3.2$ /


Root can su - haha successfully. I think that means the Kerberos works, but new user cannot reset their password in their shell.

What should I do?

Best Regards,
Michael

--
Michael Kang(康上明学)
There is a giant asleep within every man. When the giant awakens,miracles happen.

Personal blog: http://ufusion.org - United Fusion
------------------------------------------------------------------------

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users




--
Jenny Galipeau <jgali...@redhat.com>
Principal Software QA Engineer
Red Hat, Inc. Security Engineering

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to