We have a FreeIPA-based system. The admin password has expired and needs to be changed, but the standard password change procedure over SSH fails:
sashka@cellar ~ ssh [email protected]
[email protected]'s password:
Password expired. Change your password now.
Last failed login: Mon Jun 30 15:38:21 MSK 2014 from 116.10.191.195 on ssh:notty
There were 6071 failed login attempts since the last successful login.
Last login: Wed Apr 16 19:28:54 2014
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user admin.
Current Password:
New password:
Retype new password:
Password change failed. Server message: Current password's minimum life has not expired
Password not changed.
passwd: Authentication token manipulation error
Connection to ipa.xxxxxxxxxx.com closed.
If we try to change the password with passwd, it also fails with the same error message:
[admin@ipa ~]$ passwd
Changing password for user admin.
Current Password:
New password:
Retype new password:
Password change failed. Server message: Current password's minimum life has not expired
Password not changed.
passwd: Authentication token manipulation error
[admin@ipa ~]$
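What should we do to resolve this situation?
It sounds like you somehow created a password policy whose minimum password lifetime is longer than its maximum password lifetime.
Remember that the maximum is specified in days while the minimum is specified in hours. If you mix them up, it is easy to do this.
To confirm it, check the existing password policy:
Log in with a second administrator account and change the password policy.
For example, to set a minimum lifetime of 7 days and a maximum lifetime of 90 days:
From the command line:
From the web UI:
The minimum lifetime can also be set to zero to disable it.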
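An added example, not part of the original answer: a shell check for the days-versus-hours mix-up described above, which parses `ipa pwpolicy-show` output and flags a policy whose minimum lifetime is not shorter than its maximum. The function name `check_pwpolicy` and the sample policy text are constructed for illustration, and the field labels are assumed to match what your `ipa` client prints.

```shell
#!/bin/sh
# Added example: detect a FreeIPA password policy whose minimum lifetime
# (hours) is not shorter than its maximum lifetime (days).
# Real usage on an IPA host, with a valid admin Kerberos ticket:
#   ipa pwpolicy-show | check_pwpolicy
#   ipa pwpolicy-mod --minlife=168 --maxlife=90   # 7 days = 168 hours

# Reads policy text on stdin. Returns 0 if consistent, 1 if the minimum
# is not shorter than the maximum, 2 if the lifetime fields are missing.
check_pwpolicy() {
    awk -F': *' '
        /Max lifetime \(days\)/  { max_days = $2;  have_max = 1 }
        /Min lifetime \(hours\)/ { min_hours = $2; have_min = 1 }
        END {
            if (!have_max || !have_min) {
                print "UNKNOWN: lifetime fields not found"; exit 2
            }
            max_hours = max_days * 24
            # A minimum of 0 disables it, so it cannot block a change.
            if (min_hours > 0 && min_hours >= max_hours) {
                printf "BAD: min %d h >= max %d h\n", min_hours, max_hours
                exit 1
            }
            printf "OK: min %d h < max %d h\n", min_hours, max_hours
        }'
}

# Constructed sample: minimum of 2160 hours (90 days) against a 7-day maximum.
SAMPLE_BAD='  Group: global_policy
  Max lifetime (days): 7
  Min lifetime (hours): 2160'

# Constructed sample: the 7-day / 90-day policy from the answer, in correct units.
SAMPLE_FIXED='  Group: global_policy
  Max lifetime (days): 90
  Min lifetime (hours): 168'

printf '%s\n' "$SAMPLE_BAD"   | check_pwpolicy || true
printf '%s\n' "$SAMPLE_FIXED" | check_pwpolicy
```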