On 11/19/2012 11:31 AM, Marc Grimme wrote:
> This is what the Kerberos log (kadmin.log) shows on the relevant IPA server.
> Nov 19 17:29:54 axinfra02-1.cl.atix kadmind[18851](Error): password quality module empty rejected password for [email protected]: Empty passwords are not allowed
> Nov 19 17:29:54 axinfra02-1.cl.atix kadmind[18851](Notice): chpw request from 192.168.3.231 for [email protected]: Password is too short
>
> I could only enter the old password; the new one was never queried.
> Any idea?

Please cross-post to the sssd-users list. It seems that the server receives an empty password. I do not know if one can enable a trace that would show what password is actually sent. You might need to have a special build of SSSD to see what SSSD is actually sending.
Anyway, ask on the SSSD list; you might get some good hints.

Thanks
Dmitri

> Thanks
> Marc.
>
> On 19.11.2012 16:57, Dmitri Pal wrote:
>> On 11/19/2012 04:37 AM, Marc Grimme wrote:
>>> (Mon Nov 19 10:33:33 2012) [[sssd[krb5_child[19943]]]] [krb5_child_setup] (0x4000): Not using FAST.
>>> (Mon Nov 19 10:33:33 2012) [[sssd[krb5_child[19943]]]] [changepw_child] (0x0020): krb5_change_password failed [2][Server error].
>>> (Mon Nov 19 10:33:33 2012) [[sssd[krb5_child[19943]]]] [changepw_child] (0x0020): krb5_change_password failed [2][Password not changed.].
>> Have you looked at the server Kerberos log?
>> Do you see an attempt there?
>> If not, there might be a problem accessing the kadmin process on the server.
>> Might be a firewall issue then.
>> But let us start with the server side.
>>
>>
>

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

Freeipa-users mailing list
https://www.redhat.com/mailman/listinfo/freeipa-users
