When creating a new user, I set the password as the Admin. Then when I kinit or kpasswd as the user, it prompts me to change the password.
Upon changing it and re-kinit'ing using the NEW password, the system accepts it but prompts me again that the account is expired. If I set the password for a third time, the default FreeIPA password policy will cause the password to have the max time expired but not the min time.
krb5-server-ldap-1.9.1-5.fc15.2.x86_64
krb5-workstation-1.9.1-5.fc15.2.x86_64
pam_krb5-2.3.11-4.fc15.x86_64
krb5-server-1.9.1-5.fc15.2.x86_64
krb5-pkinit-openssl-1.9.1-5.fc15.2.x86_64
krb5-libs-1.9.1-5.fc15.2.x86_64
krb5-devel-1.9.1-5.fc15.2.x86_64
I encountered the same thing:
# ipa user-add --first=Foo --last=Bar --password fbar5
Password:
Enter Password again to verify:
------------------
Added user "fbar5"
------------------
  User login: fbar5
  First name: Foo
  Last name: Bar
  Full name: Foo Bar
  Display name: Foo Bar
  Initials: FB
  Home directory: /home/fbar5
  GECOS field: Foo Bar
  Login shell: /bin/sh
  Kerberos principal: fbar5@IDM.LAB.BOS.REDHAT.COM
  UID: 249200022
  GID: 249200001
  Keytab: True
  Password: True
  Member of groups: ipausers
# kinit fbar5
Password for fbar5@IDM.LAB.BOS.REDHAT.COM:
Password expired. You must change it now.
Enter new password:
Enter it again:
kinit: Password has expired while getting initial credentials
# kinit fbar5
Password for fbar5@IDM.LAB.BOS.REDHAT.COM:
Password expired. You must change it now.
Enter new password:
This is a 3.0 bug, changing ticket properties.
Reproduced, will tackle it as soon as I can.
Fixed in: 4167ad0
Deprecate the component.
Metadata Update from @jraquino:
- Issue assigned to simo
- Issue set to the milestone: FreeIPA 3.0 Trust Effort - 2011/09