Red Hat Bugzilla – Bug 462800
Add item to Technical FAQ: logging in via ssh where passwd has expired
Last modified: 2015-01-04 18:34:06 EST
Description of problem:
Transcript of email to freeipa-users:
Ivan Levchenko wrote:
> Hi All,
> I'm starting to deploy this my IPA setup one system at a time, and I
> just came into one other issue:
> I added the host principle for hostname, I can login in using
> existing ipa accounts via ssh fine.
> BUT, I just created a new account for a user, and gave him the login
> details. He logs in remotely through a vpn connection (does not have
> any kerberos install or something like that).
> and when he ties to log in he gets an auth, failure. this is going on
> at the ipa client:
> Sep 18 04:29:02 svn sshd: pam_krb5: authentication fails
> for 'user' (user@REALTOOLSTECH.COM): Authentication failure (Password
> change failed)
> Sep 18 04:29:04 svn sshd: Failed password for user from
> 192.168.0.112 port 33131 ssh2
> How can ssh change the password for this user?
Basically, set ChallengeResponseAuthentication to "yes" in /etc/sshd/sshd_config
Version-Release number of selected component (if applicable):
Steps to Reproduce:
This is included in the current documentation:
184.108.40.206. Using Password Authentication
afaik Deon is now responsible for all IPA doc.