On Thu, 2013-01-24 at 21:36 -0500, Matthew Barr wrote: > On Jan 24, 2013, at 6:53 PM, Dmitri Pal <d...@redhat.com> wrote: > > > > Yes you can set it again. This is how we envisioned the feature to be used. > > If it does not work it is a bug. > > > ipa-server-2.2.0-16.el6.x86_64, Centos 6.3 > > [mbarr@ipa ~]$ ipa host-mod wiki01.ayisnap.com --password=foo > ipa: ERROR: invalid 'password': Password cannot be set on enrolled host.
Matthew this is indeed the correct behavior, previous information from Dmitri was not correct. Once a host is enrolled you cannot reset the OTP password as that would effectively mean destroying the hosts credentials while the host is enrolled. Currently the IPA workflow expects you unenroll the client first. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users