On Thu, Apr 24, 2025 at 07:46:12PM +0200, Stefan Kania wrote:
> Hello to all
>
> When I activate the otp-overlay I can login with my userpassword and the 6
> digit token. But how can I change the password with otp active?
>
> Without otp I do "passwd" then giving the old password and then the new
> password twice and the password is changed
>
> With otp I have to give the old password+6-digit. If I only giving the
> password the server complains immediately that the password is wrong. When
> I'm giving the old password plus the 6-digit, the server accepts the
> password. Then I can give the new password twice, but then I'm getting the
> message:
> Server-message: Old password not accepted.
>
> So how can a user change his password via commandline with otp active?

Hi Stefan,
there are 2 steps when running ldappasswd:
- the bind (Old password+OTP) to authenticate the session (-w/-W)
- the password modify against someone (presumably self) with "old
  password" (-a/-t) and "new password" (-s/-T) provided

Similar when other applications use this. AFAIK the old-password data
shouldn't have the OTP appended to it, should just be the user's current
password, but I haven't checked this myself.

Regards,

-- 
Ondřej Kuzník
Senior Software Engineer
Symas Corporation http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP
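The two requests described in the reply above, BER-encoded per RFC 4511 and RFC 3062, as an added example that is not part of the original thread and is not OpenLDAP code. The DN, passwords and OTP are constructed sample values; that the OTP is appended only to the bind credentials, and that the userIdentity field is sent, are assumptions following the reply.

```python
# Added illustration: BER-encode the two LDAP requests behind ldappasswd.
# All DNs, passwords and the OTP below are constructed sample values.

PASSMOD_OID = b"1.3.6.1.4.1.4203.1.11.1"  # RFC 3062 Password Modify


def tlv(tag: int, value: bytes) -> bytes:
    """BER tag-length-value with definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value


def ldap_message(msg_id: int, op: bytes) -> bytes:
    """LDAPMessage envelope; msg_id must be below 128 in this sketch."""
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + op)


def simple_bind(msg_id: int, dn: str, credentials: str) -> bytes:
    """Step 1 (-D with -w/-W): BindRequest, [APPLICATION 0], LDAPv3, simple auth."""
    body = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, credentials.encode())
    return ldap_message(msg_id, tlv(0x60, body))


def password_modify(msg_id: int, dn: str, old: str, new: str) -> bytes:
    """Step 2 (-a/-t and -s/-T): ExtendedRequest, [APPLICATION 23]."""
    value = tlv(0x30, tlv(0x80, dn.encode())      # userIdentity [0]
                      + tlv(0x81, old.encode())   # oldPasswd    [1]
                      + tlv(0x82, new.encode()))  # newPasswd    [2]
    return ldap_message(msg_id, tlv(0x77, tlv(0x80, PASSMOD_OID) + tlv(0x81, value)))


def build_exchange(dn: str, password: str, otp: str, new_password: str):
    # Assumption taken from the reply: the OTP is appended only for the bind,
    # while oldPasswd carries the bare current password.
    return (simple_bind(1, dn, password + otp),
            password_modify(2, dn, password, new_password))


if __name__ == "__main__":
    bind, exop = build_exchange("uid=stefan,ou=users,dc=example,dc=net",
                                "OldSecret", "123456", "NewSecret")
    print("bind :", bind.hex())
    print("exop :", exop.hex())
```

The bind credentials and the oldPasswd field travel in separate requests, so a client that reuses the string typed at the bind prompt as the old password sends password+OTP in both places.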
