Jenny Galipeau wrote:

Michael Kang wrote:
Dear FreeIPA community,

I successfully installed FreeIPA this morning. Now I got a problem about Kerberos Authentication. New user cannot modify their password in shell.
Hi Michael:
Did you set the new user's initial password?
kinit admin
ipa passwd haha
Also kinit as haha, because haha will be asked to change the password on first authentication.

I added a new user named /haha(group: ipauser)/ based on the webUI. This user is not a existed system user. Then I added a new Delegations(allow people in group ipauser can modify password for group ipauser) .

    /[mich...@freeipa Desktop]$ su - haha/
    /Password: /

    /Warning: Your password will expire in less than one hour./
    /Warning: password has expired./
    /Kerberos 5 Password: /
    /Warning: Your password will expire in less than one hour./
    /New UNIX password: /
    /Retype new UNIX password: /
    /su: incorrect password/
    /[mich...@freeipa Desktop]$ su - root/
    /Password: /
    /[r...@freeipa ~]# su - haha/
    /su: warning: cannot change directory to /home/haha: No such file
    or directory/
    /-sh-3.2$ /

Root can su - haha successfully. I think that means the Kerberos works, but new user cannot reset their password in their shell.

What should I do?

Best Regards,

Michael Kang(康上明学)
There is a giant asleep within every man. When the giant awakens,miracles happen.

Personal blog: - United Fusion

Freeipa-users mailing list

Jenny Galipeau <>
Principal Software QA Engineer
Red Hat, Inc. Security Engineering

Freeipa-users mailing list

Reply via email to