RHEL6 is quite a broad specification :-) There are 3 additional minor numbers and the fourth is coming.
But as Simo suggested in this thread, this issue should be fixed in next RHEL release. I could not reproduce in Fedora too, you can check my ssh outputs below - a reason why the new password is rejected is returned to user. Martin On 10/09/2012 09:44 PM, Steven Jones wrote: > Hi, > > The user was on ssh. > > RHEL6 64bit. > > > > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Victoria University, Wellington, NZ > > 0064 4 463 6272 > > ________________________________________ > From: Martin Kosek [mko...@redhat.com] > Sent: Tuesday, 9 October 2012 7:54 p.m. > To: Steven Jones > Cc: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] confusing users > > On 10/09/2012 12:59 AM, Steven Jones wrote: >> Hi, >> >> When a user logs in for the first time nad they have to set a new password, >> if >> it doesnt meet the passowrd standard/policy it fails with a "authentication >> token manipulation error" is it possible to get that changed so it says >> "password does not meet policy"? >> >> >> regards >> >> Steven Jones >> >> Technical Specialist - Linux RHCE >> >> Victoria University, Wellington, NZ >> >> 0064 4 463 6272 >> > > Hello Steven, > > what service did you use to log in (package versions may help too)? When I > tried ssh-ing a new user or login via login terminal, I got an explaining > error > message: > > 1) PAM prevented the change > > # ssh f...@ipa.example.com > f...@ipa.example.com's password: > Password expired. Change your password now. > Last login: Tue Oct 9 02:44:19 2012 from 10.0.0.1 > WARNING: Your password has expired. > You must change your password now and login again! > Changing password for user fbar. > Current Password: > New password: > BAD PASSWORD: The password is shorter than 8 characters > New password: > BAD PASSWORD: The password fails the dictionary check - it is based on a > dictionary word > New password: > Retype new password: Connection to ipa.example.com closed. > > 2) IPA pwpolicy prevented the chgange > > # ssh f...@ipa.example.com > f...@ipa.example.com's password: > Password expired. Change your password now. > Last login: Tue Oct 9 02:44:31 2012 from 10.0.0.1 > WARNING: Your password has expired. > You must change your password now and login again! > Changing password for user fbar. > Current Password: > New password: > Retype new password: > Password change failed. Server message: Password does not contain enough > character classes > > Password not changed. > passwd: Authentication token manipulation error > Connection to ipa.example.com closed. > > Martin > > _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users