Here's what I had to do: http://www.freeipa.org/page/PasswordSynchronization
On Thu, Sep 26, 2013 at 10:35 AM, KodaK <[email protected]> wrote: > As far as I can tell, password policy is enforced on the client side, not > the directory side. > > I set up a self-service password reset utility which enforces its own > rules and bypasses the IPA password policies. > > I used this one: > > http://ltb-project.org <http://ltb-project.org/wiki/> > > I created a user that had the ability to create passwords, but IIRC there > was some setting I had to change so that the passwords created didn't > require a change. > > I'm pretty sure someone in this list told me how, so I'll search and see > if I can find it. > > --Jason > > > > On Thu, Sep 26, 2013 at 8:58 AM, Innes, Duncan < > [email protected]> wrote: > >> Sorry, >> >> > -----Original Message----- >> > From: Martin Kosek [mailto:[email protected]] >> > Sent: 26 September 2013 14:29 >> > To: Innes, Duncan >> > Cc: [email protected] >> > Subject: Re: [Freeipa-users] Force IPA to accept password? >> > >> > On 09/26/2013 01:05 PM, Innes, Duncan wrote: >> > > Hi, >> > > >> > > Can I force IPA to accept a new password that I have chosen? >> > >> > What password do you have in mind? A password of an IPA user? >> > >> >> Yes - for my authentication when SSHing onto a Linux box. >> >> > > >> > > Today I've had to change my password in 2x AD domains and >> > > other places according to policy. I've done this. >> > > >> > > But coming to IPA, I find that I've chosen a "BAD >> > > PASSWORD". Without getting into the merits of the AD password >> > > policy and the security of the password I've chosen, can I >> > > force IPA to accept my new password at all? >> > >> > Well, without getting into security of the approach, you >> > could change the global password policy or group password >> > policy so that the new password is >> > accepted: >> > >> > $ ipa pwpolicy-mod --minlength=5 >> > >> > or >> > >> > $ ipa pwpolicy-add usergroup --minlength=5 >> > >> > ... to "fix" whatever failing password policy attribute. >> > >> >> The error comes from a dictionary check I think. AD does as well as far >> as I know, but would appear to have a smaller dictionary or looser >> rules. >> >> Kind of what I expected/feared though. I don't want to change the IPA >> policy at all, just override it's objection. For now, I went the long >> route and changed my IPA password first, then changed the other >> passwords >> To match what IPA was happy with. >> >> > HTH, >> > Martin >> > >> >> Cheers & thanks for your help >> >> Duncan >> >> This message has been checked for viruses and spam by the Virgin Money >> email scanning system powered by Messagelabs. >> >> >> >> This e-mail is intended to be confidential to the recipient. If you >> receive a copy in error, please inform the sender and then delete this >> message. >> >> Virgin Money plc - Registered in England and Wales (Company no. 6952311). >> Registered office - Jubilee House, Gosforth, Newcastle upon Tyne NE3 4PL. >> Virgin Money plc is authorised by the Prudential Regulation Authority and >> regulated by the Financial Conduct Authority and the Prudential Regulation >> Authority. >> >> The following companies also trade as Virgin Money. They are both >> authorised and regulated by the Financial Conduct Authority, are registered >> in England and Wales and have their registered office at Discovery House, >> Whiting Road, Norwich NR4 6EJ: Virgin Money Personal Financial Service >> Limited (Company no. 3072766) and Virgin Money Unit Trust Managers Limited >> (Company no. 3000482). >> >> For further details of Virgin Money group companies please visit our >> website at virginmoney.com >> >> _______________________________________________ >> Freeipa-users mailing list >> [email protected] >> https://www.redhat.com/mailman/listinfo/freeipa-users >> > > > > -- > The government is going to read our mail anyway, might as well make it > tough for them. GPG Public key ID: B6A1A7C6 > -- The government is going to read our mail anyway, might as well make it tough for them. GPG Public key ID: B6A1A7C6
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
