FreeIPA WebUI displays "Insufficient access: invalid credentials" when a password doesn't meet policy requirements...
This is an issue post migration to FreeIPA as many users would like to be able to reset their passwords, and they believe the error is actually due to their permissions when in fact it is not.
Could this webui fix be back ported to 2.1.x?
Just to confirm, the user's are resetting their password on their own selfservice page, right?
This problem is temporarily fixed in this patch:
Previously the self-service page calls the passwd command without including the username in the argument. The username is supposed to be optional but the command sometimes doesn't work without it. This problem is not always reproducible, so it's rather difficult to investigate. The above patch modifies the self-service page to include the username in the command argument to avoid the problem until we can figure out the real cause of the problem.
Proposing to close the ticket. Above patch and the one in #2067 produce good messages. I didn't manage to reproduce the issue.
Password change tests in self-service page:
- wrong current password test: "Insufficient access: Invalid credentials" - min. lifetime test: "Constraint violation: Too soon to change password" - length test: "Constraint violation: Password is too short" - character classes test: "Constraint violation: Password is too simple" - history test: "Constraint violation: Password reuse not permitted"
See #2067 for more details.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=802786
Metadata Update from @jraquino: - Issue assigned to pvoborni - Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/02
Login to comment on this ticket.