> Hi,
> I have a FreeIPA server configured, managed to configure a Mountain Lion
> Client for automounts and user logins.
> My issue is that whenever I first login with a user the "New Password" box 
> shows up and even if I try to change the password the box keeps reappearing 
> without any success.
> If I log onto the machine with the local admin user and try to get a ticket 
> for this user I get a "New Password" prompt. From there I can change the 
> password and I get a ticket without an issue. After that I can login through 
> the GUI without being asked for a new password.
> Has anyone seen this behaviour before?

That's the expected behavior.  When you set the user's password as an
admin, it sets the "force a password change" flag.

I don't know anything about OSX, but there may be a way to configure
the login GUI to deal with the password change correctly.

Failing that, you can use a web based password change utility and let
users do self service, or if you don't want that you can set up a
special password administrator you can use that doesn't force a change
when it sets passwords (bad idea).

For setting up either, you need to do this:


for the password change user.

This is the web based password change utility I chose to use, but
there are others -- or you can roll your own:



