On Tue, 2018-06-26 at 22:39 +0000, Mitch Patenaude wrote: > Our organization’s security policies impose several constraints on > password changes. There is a complexity requirement, and a ban on > reuse of old passwords. I’ve gotten all of these requirements worked > into the 389 server, but when the constraints aren’t met, the error > message is very misleading and opaque: > > Password change failed. Server message: Failed to update password > > passwd: Authentication token is no longer valid; new one required > > This results in a lot of support requests about the inability to > change passwords. Is there any way to make the error messages a > little more descriptive? We’re using pam_sss and sssd on Centos 7.x.
This might be a bug in SSSD, because I think we provide messages back in the LDAP message to explain what happened. It may be worth talking to them about this error, Thanks, > > Thanks, > -- Mitch > _______________________________________________ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-leave@lists.fedoraproject.o > rg > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelin > es > List Archives: https://lists.fedoraproject.org/archives/list/389-user > s...@lists.fedoraproject.org/message/C4O42J4ZT3FNONKMX6KBBIUVY2HODADH/ -- Sincerely, William _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org/message/IFKHZ52QUHPH2T27GSJNP6SP65BH7XA3/
