Alexander Bokovoy wrote:
> On Thu, 07 May 2015, Jan Pazdziora wrote:
>>
>> Hello,
>>
>> I try to test renaming of user objects. I start with user bob and I'm
>> able to kinit just fine:
>>
>>     # echo BobPassword123 | kinit bob
>>     Password for b...@example.test:
>>     #
>>
>> I then rename the user:
>>
>>     # echo Password123 | kinit admin
>>     Password for ad...@example.test:
>>     # ipa user-mod --rename=bob1 bob
>>     ------------------------
>>     Modified user "bob"
>>     ------------------------
>>       User login: bob1
>>       First name: Robert
>>       Last name: Chase
>>       Home directory: /home/bob
>>       Login shell: /bin/sh
>>       Email address: b...@example.test
>>       UID: 251800001
>>       GID: 251800001
>>       Account disabled: False
>>       Password: True
>>       Member of HBAC rule: allow_wikiapp
>>       Kerberos keys available: True
>>
>> And I try to kinit with the original password and it fails:
>>
>>     # echo BobPassword123 | kinit bob1
>>     Password for b...@example.test:
>>     kinit: Password incorrect while getting initial credentials
>>     #
>>
>> Then I rename the user back and the original password starts to work
>> again:
>>
>>     # echo Password123 | kinit admin
>>     Password for ad...@example.test:
>>     # ipa user-mod --rename=bob bob1
>>     --------------------
>>     Modified user "bob1"
>>     --------------------
>>       User login: bob
>>       First name: Robert
>>       Last name: Chase
>>       Home directory: /home/bob
>>       Login shell: /bin/sh
>>       Email address: b...@example.test
>>       UID: 251800001
>>       GID: 251800001
>>       Account disabled: False
>>       Password: True
>>       Member of HBAC rule: allow_wikiapp
>>       Kerberos keys available: True
>>     # echo BobPassword123 | kinit bob
>>     Password for b...@example.test:
>>     #
>>
>> Is this expected? It's with 4.1.0.
> Yes, we have a bug for this, actually, a few of them:
> https://fedorahosted.org/freeipa/ticket/4757
> 
> The actual issue is due to https://fedorahosted.org/freeipa/ticket/4914
> 

Well, in this case the principal isn't changed at all, it's still
b...@example.test, which is why the password doesn't work. There probably
is no bob1 principal anywhere.

rob
