[Users] Unable to log on with expired passord

Sigbjorn Lie sigbjorn at nixtra.com
Tue Dec 3 22:19:24 UTC 2013 

On 16/10/13 00:22, Itamar Heim wrote:
> On 10/15/2013 10:31 AM, Sigbjorn Lie wrote:
>> Hi,
>>
>> I am doing a POC of RHEV 3.2 VDI for a customer. Their users are 
>> located in an IPA server, and
>> RHEV and IPA has been connected using rhevm-manage-domains.
>>
>> During the POC we discovered that users which have expired password 
>> cannot log on. They receive an
>> Incorrect password error message.
>>
>> 1. They should at least receive a Your password has expired error 
>> instead of the Incorrect
>> password error message as this is confusing for the user.
>
> 3.3 has the motd to provide some info/url to IPA password changing.
>
I've installed 3.3 as a test and I can see that it's now correctly 
advising the user that his password has expired. But it does not provide 
the user with an option to change his/her password.

>>
>> 2. This creates a problem, as every time a password is reset in IPA, 
>> it's automatically set to be
>> expired so the user will change password at next logon.
>>
>> Is there a way around this?
>
> use the IPA web form to change the password by the user.
>
This is a manual process for the user to be aware of and will generate 
calls to the helpdesk. I believe it would create a much better user 
experience to allow the password to the changed as a part of the login 
procedure.

Or adding an option to work the same way as our current Secure Global 
Desktop solution allows us to do; Logging in the user with the expired 
password, and then the password is being changed as a part of the login 
procedure to the Linux Desktop.

And this is a scenario that will be coming up often, as that every time 
a new user is added or a password is reset for an existing user in Red 
Hat IdM, the password is set to be expired so that the user is forced to 
change it on next logon, and no option is provided in Red Hat IdM to 
work around this.

In our environment the users who will use the Linux VDI solution through 
the User Portal will be using a Windows desktop and this will be their 
only link into the Linux environment where they're required to log on 
using a username and password from Red Hat IdM.

>>
>> I would like to see the user being able to log on the User Portal 
>> with the expired password, and
>> then he will be asked to change his password as usual once he's 
>> logging into his Linux VDI
>> machine.
>
> for ovirt, open a BZ for an RFE to show expired password and link to 
> web page for changing it.
> for rhev, open a support ticket to get proper tracking, etc.
>
https://bugzilla.redhat.com/show_bug.cgi?id=1037844

A ticket has been opened for RHEV referencing the BZ above.

Thanks.


> Thanks,
>    Itamar
>
>>
>>
>>
>> Regards,
>> Siggi
>>
>>
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20131203/d90e4e17/attachment-0001.html>

More information about the Users mailing list