On Tue, Sep 18, 2012 at 09:43:48PM -0400, Tim Hildred wrote:
> So, commenting out: 
> password    requisite     pam_cracklib.so try_first_pass retry=3 type= 
> dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0 minlen=8
> Caused users updating their passwords using ssh to get:
> [ykatabam@ykatabam ~]$ ssh ykata...@dns1.ecs-cloud.lab.eng.bne.redhat.com
> ykata...@dns1.ecs-cloud.lab.eng.bne.redhat.com's password:
> Permission denied, please try again.
> ykata...@dns1.ecs-cloud.lab.eng.bne.redhat.com's password:
> Password expired. Change your password now.
> Last login: Fri Sep 14 10:20:49 2012 from vpn1-48-53.bne.redhat.com
> WARNING: Your password has expired.
> You must change your password now and login again!
> Changing password for user ykatabam.
> Current Password:
> Password change failed. Server message: Password change failed
> passwd: Authentication token manipulation error
> Connection to dns1.ecs-cloud.lab.eng.bne.redhat.com closed.
> Is that to say that you need at least 1 password requisite? That instead of 
> commenting out the password requisite pam_cracklib.so, I should have replaced 
> it with something?

What did /var/log/secure have to say?

The message sounds to me like it's coming from the server..

Freeipa-users mailing list

Reply via email to