On Mon, Jul 06, 2015 at 02:25:56PM -0700, Janelle wrote:
On 7/6/15 10:44 AM, Simo Sorce wrote:
On Mon, 2015-07-06 at 10:11 -0700, Janelle wrote:
Hello all,
Is there any known bug that would cause:
Password change failed. Server message: Current password's minimum life
has not expired
Here is the environment/process (7.1 with IPA 4.1.4) --
1. reset a user's PW so they are forced to change it.
2. they login and get the Your password has expired... message
3. They are then asked to change it and enter a new PW (twice)
4. This error message pops up, BUT -- the password is still changed.
If they get this using kpasswd it may happen if a re-transmission
occurs, as kpasswd uses UDP, so the second request ends up with that
error, I think, not 100% sure.
Simo.
This is very consistent - happening to all my users, and yet the IPA server
load is nothing. And since it does reset the PW successfully, why would it
still send this message?
Can you provide the SSSD domain and pam responder log files? If you
prefer feel free to send them to me by pm.
Besides updating the password on the server side SSSD does other things
like e.g. updating the cached password hash. Maybe the server side
update works as expected but some other operation fail causing this
error message.
bye,
Sumit
Still confused,
~Janelle
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project