On Wed, Sep 28, 2011 at 01:59:36PM -0400, Nalin Dahyabhai wrote:
> On Wed, Sep 28, 2011 at 02:49:02PM +0800, Goff, Raal wrote:
> > The only difference I know about is that the users who CAN change their 
> > passwords have not got an expired password (so they can log in and use
> > kpasswd from the shell), whereas those who CANNOT change their password
> > need to reset it before logging in (i.e., they get the 'your password has
> > expired, reset it now' etc. etc.). I updated the Kerberos libraries/tools on
> > the CentOS 6.0 box using the Continuous Release repository, and then edited 
> > the ldap configuration to get around 
> > https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=713525 and 
> > users can now reset their passwords on that box during login and on the 
> > shell (kpasswd). I'm not sure which of these actually fixed the problem (if 
> > any).
> Ah, somehow I'd missed that you were running 6.0.  If your client
> systems are using pam_krb5 instead of SSSD, then you're likely hitting
> https://bugzilla.redhat.com/show_bug.cgi?id=690583, which was fixed in
> 6.1.

He said he was updating the passwords with kpasswd, which should bypass
the pam stack and talk to the kpasswd daemon directly, right?

