On Wed, Sep 28, 2011 at 09:38:33PM +0200, Jakub Hrozek wrote:
> He said he was updating the passwords with kpasswd, which should bypass
> the pam stack and talk to the kpasswd deamon directly, right?
The users who can change their passwords can log in and do so with
kpasswd, but the ones who can't change their passwords can't log in
to run kpasswd because the login-time password change (which goes
through PAM) is failing.
I expect that users who attempt to change their passwords with the
"passwd" command are also triggering the same bug.
Freeipa-users mailing list