[Freeipa-devel] Password expired on new user

Simo Sorce ssorce at redhat.com
Mon Dec 3 05:06:17 UTC 2007


Pam_krb5 should ask you to change password.
If not we need to investigate why.

Simo.

On Mon, 2007-12-03 at 10:57 +1000, David O'Brien wrote:
> Simo Sorce wrote:
> > On Fri, 2007-11-30 at 15:54 +1000, David O'Brien wrote:
> >> I just created a new user but as soon as I did and the interface
> >> returned to the View User page, it said "Password has expired". I
> >> thought I saw a comment from Suzanne? about this but now I can't find it.
> >>
> >> Why would this happen?
> > 
> > Because when admins change password users are required to reset them to
> > a value unknown to the admin immediately.
> > This is by design. And it is meant as a way to safely distribute new
> > accounts as well as do password resets without letting anybody else but the
> > user know the final password.
> > Unfortunately at this moment I don't have a way to provide a better
> > message like: "the password was reset you have to change it". But that
> > is the idea.
> > 
> > Simo.
> > 
> Yes, that part of it makes sense and is to be expected. The immediate
> "password is expired" (effectively blocking out the user) was the real
> eyebrow-raiser. I'll test again on a later build today and see what
> happens, but as it stands I can't log in as anyone except admin using
> this password policy.
> 
-- 
| Simo S Sorce |
| Sr.Soft.Eng. |
| Red Hat, Inc |
| New York, NY |
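
An added illustration, not part of the original message and not FreeIPA code: a minimal model of the behaviour described in the thread, where a password set by someone other than the account owner expires at once, and a correct but expired password yields a change-required state rather than a denial. The 90-day lifetime, the function names and the sample account are assumptions, and the caller is assumed to be already authorized.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

MAX_LIFE = 90 * 86400  # assumed policy: 90-day password lifetime, in seconds

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:
    name: str
    salt: bytes = b""
    digest: bytes = b""
    expires_at: float = 0.0

    def store(self, password: str, expires_at: float) -> None:
        self.salt = os.urandom(16)
        self.digest = _hash(password, self.salt)
        self.expires_at = expires_at

    def matches(self, password: str) -> bool:
        # Constant-time comparison; an account with no password never matches.
        return bool(self.digest) and hmac.compare_digest(
            self.digest, _hash(password, self.salt))

def set_password(actor, account, new_password, now, old_password=""):
    """Self-set passwords get the full lifetime; anyone else's expire at once."""
    if actor == account.name:
        if not account.matches(old_password):
            raise PermissionError("current password required")
        account.store(new_password, now + MAX_LIFE)
    else:
        # The admin knows this value, so it is only good for one forced change.
        account.store(new_password, now)

def login(account, password, now):
    """Return DENIED, CHANGE_REQUIRED (correct but expired) or OK."""
    if not account.matches(password):
        return "DENIED"
    if now >= account.expires_at:
        return "CHANGE_REQUIRED"
    return "OK"
```

A client that maps CHANGE_REQUIRED to a plain failure produces the lockout reported in the thread; one that prompts for a new password completes the hand-over.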



