It is confirmed, the password policy was changed with password expiration beyond 2038. Question is, how can we restore the pw policy without a working admin user?
Sándor Juhász System Administrator ChemAxon Ltd . Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 Cell: +36704258964 From: "Martin Kosek" <mko...@redhat.com> To: "Tamas Papp" <tom...@martos.bme.hu>, freeipa-users@redhat.com Sent: Tuesday, June 2, 2015 9:54:43 AM Subject: Re: [Freeipa-users] password expiration On 06/01/2015 07:50 PM, Tamas Papp wrote: > hi All, > > I'm stuck: > > > $ kinit admin > Password for admin@CXCLIENTS: > kinit: Password incorrect while getting initial credentials > [root@ipa-clients1 ~]$ kinit admin > Password for admin@CXCLIENTS: > Password expired. You must change it now. > Enter new password: > Enter it again: > kinit: Password has expired while getting initial credentials > > > > > $ kinit admin > Password for admin@CXCLIENTS: > Password expired. You must change it now. > Enter new password: > Enter it again: > Password change rejected: Current password's minimum life has not expired > > Password not changed.. Please try again. > > Enter new password: > > > > > What can I do now? > > > Thanks, > tamas > Hi Tamas, What platform and FreeIPA version do you use? What actions did you do before this happened? Were you for example changing the (global) password policy? Setting a too high password life may case the Year 2038 problem and have password validity in the past. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project