I find this issue a bit curious. I certainly understand the reason not
to make the pw hashes available to any and all SSSD clients – providing
one has root access – as that is obviously inherently insecure.
However; since regular users are indeed able to change their passwords
once logged in via
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: sssd (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1415545
Title:
** Tags added: precise
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1415545
Title:
Cannot change LDAP password when ldap_pwd_policy=shadow
To manage notifications about this bug go to:
** Changed in: sssd (Debian)
Status: Unknown = New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1415545
Title:
Cannot change LDAP password when ldap_pwd_policy=shadow
To manage
The reason I believe it's a bug is remove
ldap_pwd_policy = shadow
and add ldap_chpass_update_last_change = true
Then the user can change their pass and it even updates the
ShadowLastChange but you don't get password lock out on ShadowExpire
etc.
--
You received this bug notification because
Here is the most important part of the log:
(Wed Jan 28 15:41:48 2015) [sssd[be[default]]] [sdap_auth4chpass_done]
(0x0020): Changing shadow password attributes not implemented.
The functionality you request is simply not implemented. Because shadow
attributes are inherently insecure and
On Wed, 2015-01-28 at 19:19 +, Jakub Hrozek wrote:
Here is the most important part of the log:
(Wed Jan 28 15:41:48 2015) [sssd[be[default]]] [sdap_auth4chpass_done]
(0x0020): Changing shadow password attributes not implemented.
The functionality you request is simply not implemented.
