On 09/18/2012 07:34 AM, Charlie Derwent wrote:
> Hi
>  
> I've used "ipa host-disable ${HOST}; ipa host-mod --password=${PASS}
> ${HOST}" In the past and that seems to work quite well. The ideal for
> me would be a situation where the IPA information could persist
> between rebuilds.


Can you please elaborate more?
Between rebuilds of what client or server?
And what information you want to persist: cert, keytab, OTP?

Thanks
Dmitri

>  
> Cheers,
> Charlie
> On Tue, Sep 18, 2012 at 12:05 PM, Innes, Duncan
> <duncan.in...@virginmoney.com <mailto:duncan.in...@virginmoney.com>>
> wrote:
>
>     Folks,
>
>     Juggling a problem here that perhaps doesn't have a perfect solution.
>     I'm looking at systems that get re-provisioned by a
>     Satellite/Spacewalk/Installation method.  For full (Free)IPA
>     integration, we normally delete the old entry from IPA, create a
>     new one
>     from scratch and set the OTP to match what we put in our post-install
>     script called by the kickstart file.
>
>     Just noticed that I can do the same thing by Unprovisioning the system
>     via the WebUI and then setting the OTP.
>
>     Is there a way to Unprovision a registered host and set a OTP via the
>     command line?  I was looking at 'ipa host-mod --setattr' but not
>     getting
>     too far with the Unprovisioning aspect.
>
>     Duncan Innes | Linux Architect | Virgin Money | +44 1603 215476
>     <tel:%2B44%201603%20215476> | +44
>     7801 134507 | duncan.in...@virginmoney.com
>     <mailto:duncan.in...@virginmoney.com>
>
>
>
>     > -----Original Message-----
>     > From: freeipa-users-boun...@redhat.com
>     <mailto:freeipa-users-boun...@redhat.com>
>     > [mailto:freeipa-users-boun...@redhat.com
>     <mailto:freeipa-users-boun...@redhat.com>] On Behalf Of JR Aquino
>     > Sent: 18 September 2012 03:58
>     > To: Tim Hildred
>     > Cc: freeipa-users
>     > Subject: Re: [Freeipa-users] Password requirements too stringent
>     >
>     >
>     > On Sep 17, 2012, at 7:53 PM, Tim Hildred wrote:
>     >
>     > > JR
>     > >
>     > > I had that line. I commented it out. Thank you.
>     > >
>     > > Now, what do I have to restart?
>     >
>     > I believe it should take effect in real time, but you may
>     > need to test to be sure.  If it is still happening, you may
>     > need to double check that some other pam cfg doesn't also
>     > have it present: $ cd /etc/pam.d/ && grep pam_cracklib *
>     >
>     > If you have removed it from everything and it is still giving
>     > you the same error, then I would try a reboot... perhaps
>     > getty needs to reinitialize or something.  But I'd try those
>     > steps before a reboot!
>     >
>     > ;)
>     >
>     > > Tim Hildred, RHCE
>     > > Content Author II - Engineering Content Services, Red Hat, Inc.
>     > > Brisbane, Australia
>     > > Email: thild...@redhat.com <mailto:thild...@redhat.com>
>     > > Internal: 8588287
>     > > Mobile: +61 4 666 25242 <tel:%2B61%204%20666%2025242>
>     > > IRC: thildred
>     > >
>     > > ----- Original Message -----
>     > >> From: "JR Aquino" <jr.aqu...@citrix.com
>     <mailto:jr.aqu...@citrix.com>>
>     > >> To: "Tim Hildred" <thild...@redhat.com
>     <mailto:thild...@redhat.com>>
>     > >> Cc: "freeipa-users" <freeipa-users@redhat.com
>     <mailto:freeipa-users@redhat.com>>
>     > >> Sent: Tuesday, September 18, 2012 12:37:48 PM
>     > >> Subject: Re: [Freeipa-users] Password requirements too stringent
>     > >>
>     > >> Tim, please check your /etc/pam.d/system-auth with the password
>     > >> block.  If you see password    requisite     pam_cracklib.so,
>     then
>     > >> this is why you are having a problem.
>     > >>
>     > >> $ man pam_cracklib
>     > >>
>     > >> It is a local security library for enforcing strong password
>     > >> practices from the unix cli.
>     > >>
>     > >> ProTip:
>     > >> If you don't need this, you can remove it from pam If you want to
>     > >> work around this, set your password from the IPA webui or via the
>     > >> cli: "ipa passwd username"
>     > >>
>     > >> Hope this info helps!
>     > >>
>     > >> "Keeping your head in the cloud"
>     > >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>     > >> JR Aquino
>     > >>
>     > >> Senior Information Security Specialist, Technical Operations
>     > >> T: +1 805 690 3478 <tel:%2B1%20805%20690%203478> | F: +1 805
>     879 3730 <tel:%2B1%20805%20879%203730> | M: +1 805 717 0365
>     <tel:%2B1%20805%20717%200365> GIAC
>     > >> Certified Incident Handler | GIAC WebApplication
>     > Penetration Tester
>     > >> jr.aqu...@citrix.com
>     <mailto:jr.aqu...@citrix.com><mailto:jr.aqu...@citrix.com
>     <mailto:jr.aqu...@citrix.com>>
>     > >>
>     > >>
>     > >> [cid:image002.jpg@01CD4A37.5451DC00]
>     > >>
>     > >> Powering mobile workstyles and cloud services
>     > >>
>     > >>
>     > >>
>     > >>
>     > >>
>     > >> On Sep 17, 2012, at 6:25 PM, Tim Hildred wrote:
>     > >>
>     > >> Hey all;
>     > >>
>     > >> I'm running IPA internally to control access to our cloud
>     > >> environment.
>     > >>
>     > >> I must admit, I do not understand the password
>     > requirements. I have
>     > >> had them set to the defaults. I read this:
>     > >>
>     >
>     https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Lin
>     > >> ux/6/html/Identity_Management_Guide/user-pwdpolicy.html
>     > >>
>     > >> I have the minimum character classes set to 0. When people
>     > use SSH to
>     > >> change their passwords, they get "Based on a dictionary word" for
>     > >> passwords that have nothing to do with dictionary words.
>     > >>
>     > >> I can't find anywhere in the documentation a break down of
>     > what makes
>     > >> an unacceptable versus acceptable password.
>     > >>
>     > >> Can anyone help me figure out what to tell my users? I
>     > think people
>     > >> would get a lot less frustrated if they knew why
>     > "C679V375" was "too
>     > >> simple" when the password policy has 0 required classes.
>     > >>
>     > >> Tim Hildred, RHCE
>     > >> Content Author II - Engineering Content Services, Red Hat, Inc.
>     > >> Brisbane, Australia
>     > >> Email: thild...@redhat.com <mailto:thild...@redhat.com>
>     > >> Internal: 8588287
>     > >> Mobile: +61 4 666 25242 <tel:%2B61%204%20666%2025242>
>     > >> IRC: thildred
>     > >>
>     > >> ps: funny exchange with user:
>     > >> Jul 12 14:12:33 <user1> i feel like im being punked Jul 12
>     > 14:12:40
>     > >> <user1> it is based on a dictionary word Jul 12 14:12:43
>     > <user1> it
>     > >> is too short Jul 12 14:12:49 <user1> is does not have
>     > enough unique
>     > >> letters Jul 12 14:12:51 <user1> etc
>     > >>
>     > >> _______________________________________________
>     > >> Freeipa-users mailing list
>     > >> Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
>     > >> https://www.redhat.com/mailman/listinfo/freeipa-users
>     > >>
>     > >>
>     >
>     >
>     > _______________________________________________
>     > Freeipa-users mailing list
>     > Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
>     > https://www.redhat.com/mailman/listinfo/freeipa-users
>     >
>     > This message has been checked for viruses and spam by the
>     > Virgin Money email scanning system powered by Messagelabs.
>     >
>
>
>     Northern Rock plc is part of the Virgin Money group of companies.
>
>     This e-mail is intended to be confidential to the recipient. If
>     you receive a copy in error, please inform the sender and then
>     delete this message.
>
>     Virgin Money Personal Financial Service Limited is authorised and
>     regulated by the Financial Services Authority. Company no. 3072766.
>
>     Virgin Money Unit Trust Managers Limited is authorised and
>     regulated by the Financial Services Authority. Company no. 3000482.
>
>     Virgin Money Cards Limited. Introducer appointed representative
>     only of Virgin Money Personal Financial Service Limited. Company
>     no. 4232392.
>
>     Virgin Money Management Services Limited. Company no. 3072772.
>
>     Virgin Money Holdings (UK) Limited. Company no. 3087587.
>
>     Each of the above companies is registered in England and Wales and
>     has its registered office at Discovery House, Whiting Road,
>     Norwich NR4 6EJ.
>
>     Northern Rock plc. Authorised and regulated by the Financial
>     Services Authority. Registered in England and Wales (Company no.
>     6952311) with its registered office at Northern Rock House,
>     Gosforth, Newcastle upon Tyne NE3 4PL.
>
>     The above companies use the trading name Virgin Money.
>
>
>     _______________________________________________
>     Freeipa-users mailing list
>     Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
>     https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to