On Tue, Sep 18, 2012 at 09:43:48PM -0400, Tim Hildred wrote:
> So, commenting out:
> password requisite pam_cracklib.so try_first_pass retry=3 type=
> dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0 minlen=8
>
> Caused users updating their passwords using ssh to get:
>
> [ykatabam@ykatabam ~]$ ssh ykata...@dns1.ecs-cloud.lab.eng.bne.redhat.com
> ykata...@dns1.ecs-cloud.lab.eng.bne.redhat.com's password:
> Permission denied, please try again.
> ykata...@dns1.ecs-cloud.lab.eng.bne.redhat.com's password:
> Password expired. Change your password now.
> Last login: Fri Sep 14 10:20:49 2012 from vpn1-48-53.bne.redhat.com
> WARNING: Your password has expired.
> You must change your password now and login again!
> Changing password for user ykatabam.
> Current Password:
> Password change failed. Server message: Password change failed
> passwd: Authentication token manipulation error
> Connection to dns1.ecs-cloud.lab.eng.bne.redhat.com closed.
>
> Is that to say that you need at least 1 password requisite? That instead of
> commenting out the password requisite pam_cracklib.so, I should have replaced
> it with something?

What did /var/log/secure have to say? The message sounds to me like it's coming from the server..