https://bugzilla.redhat.com/show_bug.cgi?id=751173
Description of problem: Log in as an IPA user, and change your own password. The default policy is Min lifetime is an hour, and Min length is 8. If password is changed within the hour, error indicates: ipa: ERROR: Constraint violation: Password Fails to meet minimum strength criteria This indicates the length or required char/numbers is incorrect. But it is actually the min lifetime causing the password to not be accepted. Set that to zero, and was able to change password Note: Using kpasswd indicated the actual issue with pwpolicy: #kpasswd two Password for two@TESTRELM: Enter new password: Enter it again: Password change rejected: Password change failed Err7: Too soon to change password. Version-Release number of selected component (if applicable): ipa-server-2.1.3-8.el6.x86_64 How reproducible: always Steps to Reproduce: 1. Add a user, set its passwd 2. kinit as user, reset passwd 3. As this user, change own passwd (all within the hour) Actual results: Fails with error: ipa: ERROR: Constraint violation: Password Fails to meet minimum strength criteria Expected results: Be able to change password Additional info:
attachment freeipa-mkosek-206-improve-password-change-error-message.patch
Patch freeipa-mkosek-206-improve-password-change-error-message.patch sent for review
master: f2cc9c8[[BR]] ipa-2-2: 55cd9e7
Metadata Update from @rcritten: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/01
Login to comment on this ticket.