Just experienced some weird behaviour on my Fedora 17 installation, just wanted to check if this was expected.

I have the default config that requires a user to change their password the first time they run kinit.

However I created a user and immediately used ipa-getkeytab as this user will be a non-interactive process, despite the ipa-getkeytab resetting the secret for the user the first attempt at authentication failed as the user was still told to change their password.

My expectation would have been that any update to the secret should meet the requirement for the user to change their password.

Darran Lofthouse.

Freeipa-users mailing list

Reply via email to