On Fri, Sep 27, 2013 at 10:27:30AM +0200, Martin Kosek wrote: > On 09/27/2013 09:31 AM, Innes, Duncan wrote: > > > > > >>-----Original Message----- > >>From: freeipa-users-boun...@redhat.com > >>[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Sumit Bose > >>Sent: 26 September 2013 17:36 > >>To: firstname.lastname@example.org > >>Subject: Re: [Freeipa-users] Force IPA to accept password? > ... > >>Which command did you use to change the password? 'passwd' or > >>'ipa passwd'? > >> > >>If you use 'passwd' the PAM stack on the client for the > >>passwd command comes into play which typically has some > >>modules like pam_pwquality.so listed which do checks > >>including dictionary checks. > >> > >>If you use 'ipa passwd' the password should be only validated > >>against the server-side password policy Martin mentioned above. > > > >Sumit, yes - I used 'passwd'. I'll look into using 'ipa passwd' in > >about > >3 months time :-) > > Eh, ok :-) BTW, you could also standard kpasswd, it should also > avoid modules like pam_pwquality.so and only use the server policy.
Martin, pam_pwquality has an option called 'local_users_only'. According to bz849072 it should be set by default since F18 but it looks like it is not set in F19. Should we open a ticket to investigate it? bye, Sumit > > Martin > > _______________________________________________ > Freeipa-users mailing list > Freeipaemail@example.com > https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users