On Mon, Jul 02, 2012 at 12:21:41PM +0200, Angel Bosch wrote:
hi,
my journey to server policies has begun. I'm testing with a single user. I get
the warning but I can't change the password:
#######################################################################
Last login: Mon Jul 2 12:11:07 2012 from a4badba022d5.example.net
WARNING: Your password has expired.
You must change your password now and login again!
Current Password:
passwd: Authentication token manipulation error
passwd: password unchanged
Connection to cprli0554 closed.
e10000@cprli0555:~$
#######################################################################
If you are not asked for a new password I think your PAM configuration
might need some fixing. If you have a line like
password sufficient pam_sss.so use_authtok
in your configuration there should be a PAM module to locally check the
new password before it, like:
password requisite pam_cracklib.so try_first_pass retry=3 type=
If you do not want to use a local password checker 'use_authtok' must be
removed so that pam_sss asks for a new password.
My config looks like
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so
HTH
bye,
Sumit
relevant info in logs:
#######################################################################
(Mon Jul 2 12:15:29 2012) [sssd[be[example.net]]] [sdap_pam_chpass_handler] (0x0040): starting password change request for user [a10023].
(Mon Jul 2 12:15:29 2012) [sssd[be[example.net]]] [be_pam_handler_callback] (0x0100): Backend returned: (3, 4, <NULL>) [Internal Error (System error)]
(Mon Jul 2 12:15:29 2012) [sssd[be[example.net]]] [be_pam_handler_callback] (0x0100): Sending result [4][example.net]
(Mon Jul 2 12:15:29 2012) [sssd[be[example.net]]] [be_pam_handler_callback] (0x0100): Sent result [4][example.net]
(Mon Jul 2 12:15:29 2012) [sssd[be[example.net]]] [be_pam_handler] (0x0100): Got request with the following data
#######################################################################
What am I missing?
Ask for further info if you need it,
àngel
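
The stacking rule from the reply above (a module given use_authtok needs an earlier module in the password stack to collect the new password), as an added example that is not part of the original thread: a small Python check over pam.d-style "password" lines. The function names, the NON_PROMPTING set and the sample stacks are assumptions made for this example; it only looks at static ordering and does not follow include directives.

```python
import re

# Assumption: these modules never prompt for or store a new password.
NON_PROMPTING = {"pam_deny.so", "pam_permit.so"}
LINE_RE = re.compile(r"^-?password\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_password_stack(text):
    """Return [(module, [options])] for the 'password' lines, in stack order."""
    text = text.replace("\\\n", " ")          # PAM allows backslash line continuation
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        m = LINE_RE.match(line)
        if m:
            module = m.group(2).rsplit("/", 1)[-1]   # strip any directory path
            stack.append((module, m.group(3).split()))
    return stack

def find_orphaned_use_authtok(text):
    """Modules set to use_authtok although nothing earlier collected a new password."""
    have_new_token = False
    orphans = []
    for module, opts in parse_password_stack(text):
        if "use_authtok" in opts:
            if not have_new_token:
                orphans.append(module)
        elif module not in NON_PROMPTING:
            have_new_token = True   # assumed to ask for the new password itself
    return orphans

# Constructed sample stacks (pam.d format: type control module options).
BROKEN = """\
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so
"""
WITH_CHECKER = "password requisite pam_cracklib.so try_first_pass retry=3 type=\n" + BROKEN
WITHOUT_USE_AUTHTOK = """\
password sufficient pam_sss.so
password required pam_deny.so
"""

if __name__ == "__main__":
    for name, cfg in [("broken", BROKEN), ("with checker", WITH_CHECKER),
                      ("use_authtok removed", WITHOUT_USE_AUTHTOK)]:
        print(f"{name}: {find_orphaned_use_authtok(cfg) or 'ok'}")
```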