Re: [Freeipa-users] Failed installation
On 10/18/2012 10:46 AM, Rob Crittenden wrote: Rob Crittenden wrote: Bret Wortman wrote: Sorry, that wasn't clear at all, was it? The latest attempt was after I ran the cleanup. No joy; it's still failing at the same point and tomcat is definitely not running. In order to diagnose why dogtag is failing to install we need to see the logs from /var/log/pki-ca and the full /var/log/ipaserver-install.log. You can send them directly to me or Martin if you'd prefer. To close the loop on this, I had Bret yum reinstall the pki-selinux package. For some reason sometimes it fails to load the required SELinux contents on install. Is there any way to make it more reliable? Doing that has resolved the installation issue. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Changing randomly generated password complexity?
Yes, Click the policy tab and choose global policies. Change the character classes setting to something less then what is already there. This number reflects how many requirements the user password has to meet. Cheers, Jason -Original Message- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of KodaK Sent: Friday, October 19, 2012 3:31 PM To: freeipa-users@redhat.com Subject: [Freeipa-users] Changing randomly generated password complexity? Hello all, Does anyone know if it's possible to change the complexity of the passwords that IPA generates? Here's a typical scenario: User: can you reset my password? Me: Random password: 9opLSv6jhN_Q User: it doesn't work. Me: (internal sigh) can you copy and paste it, you only need it once and then you can reset it to whatever you want. User: it still doesn't work. Me: clickity click your password is now 'bob'. User: it works now! -- The government is going to read our mail anyway, might as well make it tough for them. GPG Public key ID: B6A1A7C6 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Changing randomly generated password complexity?
KodaK wrote: Hello all, Does anyone know if it's possible to change the complexity of the passwords that IPA generates? Here's a typical scenario: User: can you reset my password? Me: Random password: 9opLSv6jhN_Q User: it doesn't work. Me: (internal sigh) can you copy and paste it, you only need it once and then you can reset it to whatever you want. User: it still doesn't work. Me: clickity click your password is now 'bob'. User: it works now! Not at the moment, it's hardcoded. I'd be curious why it was failing. Is it a matter of transcribing the new password to the user or something else? rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Changing randomly generated password complexity?
Whoops, Saw password complexity, but obviously I didn't read the entire title. Sorry about that. Good luck! -Original Message- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Rob Crittenden Sent: Friday, October 19, 2012 3:41 PM To: KodaK Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Changing randomly generated password complexity? KodaK wrote: Hello all, Does anyone know if it's possible to change the complexity of the passwords that IPA generates? Here's a typical scenario: User: can you reset my password? Me: Random password: 9opLSv6jhN_Q User: it doesn't work. Me: (internal sigh) can you copy and paste it, you only need it once and then you can reset it to whatever you want. User: it still doesn't work. Me: clickity click your password is now 'bob'. User: it works now! Not at the moment, it's hardcoded. I'd be curious why it was failing. Is it a matter of transcribing the new password to the user or something else? rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Failed installation
On Fri, 2012-10-19 at 14:26 -0400, Dmitri Pal wrote: On 10/18/2012 10:46 AM, Rob Crittenden wrote: Rob Crittenden wrote: Bret Wortman wrote: Sorry, that wasn't clear at all, was it? The latest attempt was after I ran the cleanup. No joy; it's still failing at the same point and tomcat is definitely not running. In order to diagnose why dogtag is failing to install we need to see the logs from /var/log/pki-ca and the full /var/log/ipaserver-install.log. You can send them directly to me or Martin if you'd prefer. To close the loop on this, I had Bret yum reinstall the pki-selinux package. For some reason sometimes it fails to load the required SELinux contents on install. Is there any way to make it more reliable? The dogtag selinux policy is being merged into the system policy. This should remove the issue completely in future Fedora versions. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users