So, commenting out: password requisite pam_cracklib.so try_first_pass retry=3 type= dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0 minlen=8
Caused users updating their passwords using ssh to get: [ykatabam@ykatabam ~]$ ssh [email protected] [email protected]'s password: Permission denied, please try again. [email protected]'s password: Password expired. Change your password now. Last login: Fri Sep 14 10:20:49 2012 from vpn1-48-53.bne.redhat.com WARNING: Your password has expired. You must change your password now and login again! Changing password for user ykatabam. Current Password: Password change failed. Server message: Password change failed passwd: Authentication token manipulation error Connection to dns1.ecs-cloud.lab.eng.bne.redhat.com closed. Is that to say that you need at least 1 password requisite? That instead of commenting out the password requisite pam_cracklib.so, I should have replaced it with something? Tim Hildred, RHCE Content Author II - Engineering Content Services, Red Hat, Inc. Brisbane, Australia Email: [email protected] Internal: 8588287 Mobile: +61 4 666 25242 IRC: thildred ----- Original Message ----- > From: "Jakub Hrozek" <[email protected]> > To: [email protected] > Sent: Tuesday, September 18, 2012 5:29:12 PM > Subject: Re: [Freeipa-users] Password requirements too stringent > > On Tue, Sep 18, 2012 at 02:57:49AM +0000, JR Aquino wrote: > > > > On Sep 17, 2012, at 7:53 PM, Tim Hildred wrote: > > > > > JR > > > > > > I had that line. I commented it out. Thank you. > > > > > > Now, what do I have to restart? > > > > I believe it should take effect in real time, but you may need to > > test to be sure. If it is still happening, you may need to double > > check that some other pam cfg doesn't also have it present: $ cd > > /etc/pam.d/ && grep pam_cracklib * > > > > If you have removed it from everything and it is still giving you > > the same error, then I would try a reboot... perhaps getty needs > > to reinitialize or something. But I'd try those steps before a > > reboot! > > > > ;) > > > > Some services, notably the sshd, must be restarted in order to > re-read > the PAM config. > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users > _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
