I have been using IPA for authentication with a RHEV environment. 

Quite a while ago, I got help from this list in making it so that my users 
could access the WebUI with their login and passwords, no Kerberos ticket 
required. I also had it working so that when their passwords expired, they would 
ssh to the IPA server as themselves, get challenged for their current password, 
and then get the opportunity to provide a new one. 

The update to ipa-server 3.0.0-25.el6 means that I can no longer log in to the 
WebUI with just a login and password (see attached screenshot) and that users 
who try to update expired passwords get:

 You must change your password now and login again!
 Changing password for user juwu.
 Current Password: 
 New password: 
 Retype new password: 
 Password change failed. Server message: Password not changed.
 Insufficient access to perform requested operation while trying to change 
 passwd: Authentication token manipulation error
 Connection to dns1.ecs-cloud.lab.eng.bne.redhat.com closed.

Can anyone help me restore that functionality? Please?

Tim Hildred, RHCE
Content Author II - Engineering Content Services, Red Hat, Inc.
Brisbane, Australia
Email: thild...@redhat.com
Internal: 8588287
Mobile: +61 4 666 25242
IRC: thildred

<<attachment: ipa_dialog.png>>

