Janelle wrote:
> Hello,
> 
> I continue to see these a lot, but only on some servers. It causes a lot
> of confusions with my users. There must be a way to troubleshoot this
> and find the issue. Also, there is nothing wrong with the password
> policies. They are all set to default, and this occurs even when a
> user's password has expired.  The only thing I can say is it tends to
> happen on more heavily loaded servers than lightly loaded ones. And
> perhaps the most important point - the password *IS* changed successfully!
> 
> Changing password for user expired-user.
> Current Password:
> New password:
> Retype new password:
> Password change failed. Server message: Current password's minimum life
> has not expired
> 
> Password not changed.
> passwd: Authentication token manipulation error
> 
> Thoughts? Anything?
> 
> ~Janelle
> 

What tool is changing the expired password?

I'd be curious to see the password policy for the user, ipa
pwpolicy-show --user=<user>

Seeing the krbLastPwdChange and krbPasswordExpiration might be handy too.

rob

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to