Alexander Bokovoy wrote: > On Thu, 07 May 2015, Jan Pazdziora wrote: >> >> Hello, >> >> I try to test renaming of user objects. I start with user bob and I'm >> able to kinit just fine: >> >> # echo BobPassword123 | kinit bob >> Password for b...@example.test: >> # >> >> I then rename the user: >> >> # echo Password123 | kinit admin >> Password for ad...@example.test: >> # ipa user-mod --rename=bob1 bob >> ------------------------ >> Modified user "bob" >> ------------------------ >> User login: bob1 >> First name: Robert >> Last name: Chase >> Home directory: /home/bob >> Login shell: /bin/sh >> Email address: b...@example.test >> UID: 251800001 >> GID: 251800001 >> Account disabled: False >> Password: True >> Member of HBAC rule: allow_wikiapp >> Kerberos keys available: True >> >> And I try to kinit with the original password and it fails: >> >> # echo BobPassword123 | kinit bob1 >> Password for b...@example.test: >> kinit: Password incorrect while getting initial credentials >> # >> >> Then I rename the user back and the original password starts to work >> again: >> >> # echo Password123 | kinit admin >> Password for ad...@example.test: >> # ipa user-mod --rename=bob bob1 >> -------------------- >> Modified user "bob1" >> -------------------- >> User login: bob >> First name: Robert >> Last name: Chase >> Home directory: /home/bob >> Login shell: /bin/sh >> Email address: b...@example.test >> UID: 251800001 >> GID: 251800001 >> Account disabled: False >> Password: True >> Member of HBAC rule: allow_wikiapp >> Kerberos keys available: True >> # echo BobPassword123 | kinit bob >> Password for b...@example.test: >> # >> >> Is this expected? It's with 4.1.0. > Yes, we have a bug for this, actually, few of them: > https://fedorahosted.org/freeipa/ticket/4757 > > The actual issue is due to https://fedorahosted.org/freeipa/ticket/4914 >
Well, in this case the principal isn't changed at all, it's still b...@example.test, which is why the password doesn't work. There probably is no bob1 principal anywhere. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project