On 10/09/2012 12:59 AM, Steven Jones wrote:
> Hi,
> 
> When a user logs in for the first time nad they have to set a new password, if
> it doesnt meet the passowrd standard/policy it fails with a "authentication
> token manipulation error" is it possible to get that changed so it says
> "password does not meet policy"?
> 
> 
> regards
> 
> Steven Jones
> 
> Technical Specialist - Linux RHCE
> 
> Victoria University, Wellington, NZ
> 
> 0064 4 463 6272
> 

Hello Steven,

what service did you use to log in (package versions may help too)? When I
tried ssh-ing a new user or login via login terminal, I got an explaining error
message:

1) PAM prevented the change

# ssh f...@ipa.example.com
f...@ipa.example.com's password:
Password expired. Change your password now.
Last login: Tue Oct  9 02:44:19 2012 from 10.0.0.1
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user fbar.
Current Password:
New password:
BAD PASSWORD: The password is shorter than 8 characters
New password:
BAD PASSWORD: The password fails the dictionary check - it is based on a
dictionary word
New password:
Retype new password: Connection to ipa.example.com closed.

2) IPA pwpolicy prevented the chgange

# ssh f...@ipa.example.com
f...@ipa.example.com's password:
Password expired. Change your password now.
Last login: Tue Oct  9 02:44:31 2012 from 10.0.0.1
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user fbar.
Current Password:
New password:
Retype new password:
Password change failed. Server message: Password does not contain enough
character classes

Password not changed.
passwd: Authentication token manipulation error
Connection to ipa.example.com closed.

Martin

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to