IPA requires users to change their passwords immediately

Latest response

I am using IPA for authentication of RHEV-M.

 

I find that when I create a user account with

 

ipa useradd <username>

 

the user has to change their password before they can log in to the User Portal.

 

I am not using IPA for anything other than authenticating RHEV-M.  If someone can recommend a way for users to change their passwords, that would be really helpful. 

 

One way that I have found for a user to change their password is for the user to ssh into the IPA server.  Then, after they enter their initial password, the user can change their password.  However, a web app for changing the password would be much better.

Responses

This isn't related to RHEV it's an IPA policy, when you first setup a user in IPA the password is set to expired [1]

 

You'd need to change the password as the user. I seem to remember you could change the policy in IPA but I'd have to check the docs.

 

 

 

[1] http://freeipa.org/page/NewPasswordsExpired

I seem to remember that there was a way to change a password from the login screen in RHEV 2.2.

 

Anyway, sincere thanks for your response.  I'll find out more about IPA.

Please also take a look at the below thread:

 

https://access.redhat.com/discussion/work-around-cannot-login-user-password-has-expired-please-change-your-password-rhevm-user

 

You can either use "kinit" or "kpasswd" to change the password.

I think that the bug report at the following URL is relevant to this issue:

 

https://bugzilla.redhat.com/show_bug.cgi?id=802786

I've written very simple web application to change password first time and change expired password as well. Just use vaadin for UI and this code https://danieljamesscott.org/10-documentation/configuration-guides/17-change-expired-freeipa-password-using-java.html