[Freeipa-devel] Password expired on new user
David O'Brien
david.obrien at redhat.com
Mon Dec 3 00:57:25 UTC 2007
Simo Sorce wrote:
> On Fri, 2007-11-30 at 15:54 +1000, David O'Brien wrote:
>> I just created a new user but as soon as I did and the interface
>> returned to the View User page, it said "Password has expired". I
>> thought I saw a comment from Suzanne? about this but now I can't find it.
>>
>> Why would this happen?
>
> Because when admins change password users are required to reset them to
> a value unknown to the admin immediately.
> This is by design. And it is meant as a way to safely distribute new
> accounts as well do password resets without letting anybody else but the
> user know the final password.
> Unfortunately at this moment I don't have a way to provide a better
> message like: "the password was reset you have to change it". But that
> is the idea.
>
> Simo.
>
Yes, that part of it makes sense and is to be expected. The immediate
"password is expired" (effectively blocking out the user) was the real
eyebrow-raiser. I'll test again on a later build today and see what
happens, but as it stands I can't log in as anyone except admin using
this password policy.
--
David O'Brien <mailto:daobrien at redhat.com>
RHCT
PGP-KeyID: 0x443CBA7B
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20071203/453200cf/attachment.sig>
More information about the Freeipa-devel
mailing list