IPA requires users to change their passwords immediately

Latest response

I am using IPA for authentication of RHEV-M.


I find that when I create a user account with


ipa useradd <username>


the user has to change their password before they can log in to the User Portal.


I am not using IPA for anything other than authenticating RHEV-M.  If someone can recommend a way for users to change their passwords, that would be really helpful. 


One way that I have found for a user to change their password is for the user to ssh into the IPA server.  Then, after they enter their initial password, the user can change their password.  However, a web app for changing the password would be much better.


This isn't related to RHEV it's an IPA policy, when you first setup a user in IPA the password is set to expired [1]


You'd need to change the password as the user. I seem to remember you could change the policy in IPA but I'd have to check the docs.




[1] http://freeipa.org/page/NewPasswordsExpired

I seem to remember that there was a way to change a password from the login screen in RHEV 2.2.


Anyway, sincere thanks for your response.  I'll find out more about IPA.

Please also take a look at the below thread:




You can either use "kinit" or "kpasswd" to change the password.

I think that the bug report at the following URL is relevant to this issue:



I've written very simple web application to change password first time and change expired password as well. Just use vaadin for UI and this code https://danieljamesscott.org/10-documentation/configuration-guides/17-change-expired-freeipa-password-using-java.html