On 09/27/2013 09:31 AM, Innes, Duncan wrote:

-----Original Message-----
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Sumit Bose
Sent: 26 September 2013 17:36
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Force IPA to accept password?
Which command did you use to change the password? 'passwd' or
'ipa passwd'?

If you use 'passwd' the PAM stack on the client for the
passwd command comes into play which typically has some
modules like pam_pwquality.so listed which do checks
including dictionary checks.

If you use 'ipa passwd' the password should be only validated
against the server-side password policy Martin mentioned above.

Sumit, yes - I used 'passwd'.  I'll look into using 'ipa passwd' in
3 months time :-)

Eh, ok :-) BTW, you could also standard kpasswd, it should also avoid modules like pam_pwquality.so and only use the server policy.


Freeipa-users mailing list

Reply via email to