Hello,

Using sssd together with 389 directory server (password expiration policy and history activated), changing user password with the passwd command will print the error message:

Password change failed. Server message: Failed to update password
passwd: Authentication token is no longer valid; new one required

in the following cases:
- password has been changed less than a day ago
- password is in 389 server history
- password does not meet syntax constraints in 389 server

Since 389 server does say why it rejects passwords, is there a configuration on sssd side to have more details about why the password is rejected?

I'm using sssd-1.16.2-13.el7_6.8.x86_64 (RHEL 7U6).

I have the following configuration:

[domain/default]
cache_credentials = True
ldap_search_base = dc=XXX
krb5_realm = EXAMPLE.COM
krb5_server = kerberos.example.com
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldaps://YYY
ldap_tls_cacertdir = /etc/openldap/cacerts

[sssd]
services = nss, pam
config_file_version = 2
domains = default

[nss]
[pam]
[sudo]
[autofs]
[ssh]
[pac]
