On 04/27/2015 01:08 PM, Tony Izzo wrote:
I'm currently experimenting with Red Hat Identity Management 6.0,

This version does not make sense. Did you mean 7.0?

and I've noticed that when I create a user, and have them change their password using the "passwd" command, the password is changed in IdM, but the password expiration date is not updated, so that their password remains expired.

Are you sure that the password is actually changed in the central server?
What does your PAM stack look like?
Do you use SSSD?


Furthermore, the "expired" state of the password only seems to apply to logging into the IdM Web UI (these users are members of the "admins" group); users are able to log into any RHEL machine configured as an IdM client, using their updated password, even though the password is supposedly expired.

Are you sure you do not have an overlapping local user?



Any advice on what I'm doing wrong? Is the passwd command a valid way for a user to update their own password? Thanks.

If this is the consistent behavior then I suggest you look at the server logs and see what is going on on the KDC and LDAP side at the moment of the password change.
See the troubleshooting guide on the IPA wiki for more hints.


Tony





--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
