Hi, following some advice I received here a few months back, I'm trying to get sssd
set up for auth with a 389-ds backend. Almost everything works well, except for the
ability to change expired passwords. When A user has an expired password, he/she is
unable to change it. The exchange looks like:
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user testacct2.
Current Password:
New password:
Retype new password:
Password change failed. Server message: Failed to update password
passwd: Authentication token is no longer valid; new one required
And the entry in /var/log/secure looks like:
Jan 30 16:44:37 ldap01 passwd: pam_sss(passwd:chauthtok): User info message: Password
change failed. Server message: Failed to update password
Jan 30 16:44:37 ldap01 passwd: pam_sss(passwd:chauthtok): Password change failed for user
testacct2: 12 (Authentication token is no longer valid; new one required)
And the associated entry in /etc/pam.d/system-auth is:
password sufficient pam_sss.so use_authtok
I'm hoping that somebody else here has solved this problem.
-- Mitch Patenaude
Show replies by date