freeipa

Clone
Source Code
GIT

#6017 Allow password change with principal alias
Opened 7 years ago by dkupka. Modified 5 years ago

Open
Close issue as:
fixed wontfix worksforme duplicate insufficientinfo invalid 
$ echo -e "Secret123\nSecret123\n" | ipa user-add tuser --first Test --last User --password
$ ipa user-add-principal tuser test@EXAMPLE.ORG
$ ipa user-add-principal tuser test\\@example.org@EXAMPLE.ORG

$ echo -e "Secret123\nNewSecret123\nNewSecret123\n" | kinit -C test
Password for test@EXAMPLE.ORG: 
kinit: KDC reply did not match expectations while getting initial credentials

$ echo -e "Secret123\nNewSecret123\nNewSecret123\n" | kinit -C -E tuser@example.test
Password for tuser\@example.test@EXAMPLE.ORG: 
kinit: KDC reply did not match expectations while getting initial credentials
  • simo: the problem is on client side, kpasswd does not turn on the -E flag when getting changepw/...
  • sbose: SSSD would not use alias also
  • Postpone to 4.5, check with Greg if MIT wants to update kpasswd on client.
  • TODO: create kpasswd bug as a dependency/blocker

Metadata Update from @dkupka:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5 backlog
7 years ago

@rharwood what do you think about this?

Metadata Update from @rcritten:
- Issue close_status updated to: None
5 years ago

I imagine the problem is with kpasswd not turning on -C, not -E?

Otherwise it seems like a reasonable thing to support; did a bug ever get created? If not, and you want this feature, please make one.

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
enhancement
None
None
IPA
None
0
None
None
None
None
todo
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.