Hello,
Using sssd together with 389 directory server (password expiration policy
and history activated), changing user password with the passwd command will
print the error message:
Password change failed. Server message: Failed to update password
passwd: Authentication token is no longer valid; new one required
in the following cases:
- password has been changed less than a day ago
- password is in 389 server history
- password does not meet syntax constraints in 389 server
Since 389 server does say why it rejects passwords, is there a
configuration on sssd side to have more details about why the password is
rejected?
I'm using sssd-1.16.2-13.el7_6.8.x86_64 (RHEL 7U6).
I have the following configuration:
[domain/default]
cache_credentials = True
ldap_search_base = dc=XXX
krb5_realm = EXAMPLE.COM
krb5_server = kerberos.example.com
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldaps://YYY
ldap_tls_cacertdir = /etc/openldap/cacerts
[sssd]
services = nss, pam
config_file_version = 2
domains = default
[nss]
[pam]
[sudo]
[autofs]
[ssh]
[pac]