On 02/18/2016 04:46 PM, bahan w wrote:
Hello everyone.
I send you this mail because I have sometimes a problem when using ipa
passwd to generate a One Time Password and then using kpasswd to set a
strong random password using a password policy.
When I perform the ipa passwd command and just after the kpasswd command, I
got an error message.
Here is the command (I have an admin TGT) :
echo "onetimepwd\nonetimepwd\n" | ipa passwd ; echo
"onetimepwd\n\n\n" | kpasswd
And here is the result :
###
--
Changed password for "@"
--
Password for @:
kpasswd: Preauthentication failed getting initial ticket
###
When I perform a sleep 5, then the sucession of these commands complete
successfully.
I tried to sleep 1s or 2s, but sometimes I got the error message, and
sometimes not.
So I extended the sleep duration to 5s.
I was wondering if it was normal behaviour from ipa-server/client 3.0.0-47 ?
If yes, do you know what the minimum duration in seconds that I have to
wait after setting a one time password before setting a more definitive
password (a password respecting the password policy) ?
Best regards.
Bahan
Following works for me:
ADMINPW=Secret123
TEMPPW=temppwd
FINALPW=Secret1234
TESTUSER=fbar
kdestroy -A
echo -e "${ADMINPW}" | kinit admin
klist
echo -e "${TEMPPW}\n${TEMPPW}\n" | ipa passwd $TESTUSER
echo -e "${TEMPPW}\n${FINALPW}\n${FINALPW}\n" | kpasswd $TESTUSER
klist
kdestroy -A
echo -e "${FINALPW}" | kinit $TESTUSER
klist
kdestroy -A
also works if kpasswd is changed to kinit.
You can also try to use KRB5_TRACE=/dev/stdout to debug it:
# KRB5_TRACE=/dev/stdout kpasswd user
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
