Tim, please check your /etc/pam.d/system-auth with the password block. If you see password requisite pam_cracklib.so, then this is why you are having a problem.
$ man pam_cracklib It is a local security library for enforcing strong password practices from the unix cli. ProTip: If you don't need this, you can remove it from pam If you want to work around this, set your password from the IPA webui or via the cli: "ipa passwd username" Hope this info helps! "Keeping your head in the cloud" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ JR Aquino Senior Information Security Specialist, Technical Operations T: +1 805 690 3478 | F: +1 805 879 3730 | M: +1 805 717 0365 GIAC Certified Incident Handler | GIAC WebApplication Penetration Tester jr.aqu...@citrix.com<mailto:jr.aqu...@citrix.com> [cid:image002.jpg@01CD4A37.5451DC00] Powering mobile workstyles and cloud services On Sep 17, 2012, at 6:25 PM, Tim Hildred wrote: Hey all; I'm running IPA internally to control access to our cloud environment. I must admit, I do not understand the password requirements. I have had them set to the defaults. I read this: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/user-pwdpolicy.html I have the minimum character classes set to 0. When people use SSH to change their passwords, they get "Based on a dictionary word" for passwords that have nothing to do with dictionary words. I can't find anywhere in the documentation a break down of what makes an unacceptable versus acceptable password. Can anyone help me figure out what to tell my users? I think people would get a lot less frustrated if they knew why "C679V375" was "too simple" when the password policy has 0 required classes. Tim Hildred, RHCE Content Author II - Engineering Content Services, Red Hat, Inc. Brisbane, Australia Email: thild...@redhat.com Internal: 8588287 Mobile: +61 4 666 25242 IRC: thildred ps: funny exchange with user: Jul 12 14:12:33 <user1> i feel like im being punked Jul 12 14:12:40 <user1> it is based on a dictionary word Jul 12 14:12:43 <user1> it is too short Jul 12 14:12:49 <user1> is does not have enough unique letters Jul 12 14:12:51 <user1> etc _______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users