Bug 462800 - Add item to Technical FAQ: logging in via ssh where passwd has expired
Add item to Technical FAQ: logging in via ssh where passwd has expired
Product: freeIPA
Classification: Community
Component: Documentation (Show other bugs)
All Linux
medium Severity medium
: v1.x maintenance
: ---
Assigned To: Deon Ballard
Chandrasekar Kannan
: Documentation
Depends On:
  Show dependency treegraph
Reported: 2008-09-18 19:07 EDT by David O'Brien
Modified: 2015-01-04 18:34 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-03-28 07:23:42 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description David O'Brien 2008-09-18 19:07:20 EDT
Description of problem:
Transcript of email to freeipa-users:

Ivan Levchenko wrote:
> Hi All,
> I'm starting to deploy this my IPA setup one system at a time, and I
> just came into one other issue:
> I added the host principle for hostname, I can login in using
> existing ipa accounts via ssh fine.
> BUT, I just created a new account for a user, and gave him the login
> details. He logs in remotely through a vpn connection (does not have
> any kerberos install or something like that).
> and when he ties to log in he gets an auth, failure. this is going on
> at the ipa client:
> Sep 18 04:29:02 svn sshd[31766]: pam_krb5[31766]: authentication fails
> for 'user' (user@REALTOOLSTECH.COM): Authentication failure (Password
> change failed)
> Sep 18 04:29:04 svn sshd[31766]: Failed password for user from
> port 33131 ssh2
> How can ssh change the password for this user?

See this:


Basically, set ChallengeResponseAuthentication to "yes" in /etc/sshd/sshd_config


Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
Comment 2 David O'Brien 2011-09-11 22:48:56 EDT
afaik Deon is now responsible for all IPA doc.

Note You need to log in before you can comment on or make changes to this bug.