On 04/01/2015 11:14 AM, Luiz Fernando Vianna da Silva wrote:
Hello All.
I've searched the archives of this mailing list looking for an answer
for this one, but all I found led me nowhere.
Closest thread to help me was:
https://www.redhat.com/archives/freeipa-users/2014-March/msg00153.html
Has anyone figured out a way to have expired password changes work on
AIX clients?
I have tried adding "kpasswd_protocol = SET_CHANGE" as well as
"kpasswd_protocol = RPCSEC_GSS" to the [realms] section but none of
them worked.
Here is the output from an ssh test session for user "teste" on an AIX
7.1 machine:
-bash-4.2$ ssh teste@localhost
################################################################################
# NICE MOTD
################################################################################
teste@localhost's password:
[KRB5]: 3004-332 Your password has expired.
3004-333 A password change is required.
[KRB5]: 3004-332 Your password has expired.
*******************************************************************************
* *
* *
* Welcome to AIX Version 7.1! *
* *
* *
* Please see the README file in /usr/lpp/bos for information pertinent to *
* this release of the AIX Operating System. *
* *
* *
*******************************************************************************
################################################################################
# NICE MOTD
################################################################################
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for "teste"
teste's Old password:
teste's New password:
Enter the new password again:
3004-604 Your entry does not match the old password.
Connection to localhost closed.
-bash-4.2$
So you are setting up an AIX client using Kerberos against an IPA server and
trying to log in with a user that has an expired password. Did I get it right?
What version of the server are you using?
How does your Kerberos configuration look on a client?
What does the KDC log show?
Best Regards
Luiz Fernando Vianna da Silva
ITM-I - Operação Cielo
+55 (11) 3626-7126
TIVIT
Av. Maria Coelho Aguiar, 215 - Bloco D - 5º Andar
São Paulo - SP - CEP 05804-900
www.tivit.com.br
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.