[Users] Unable to log on with expired passord

Sigbjorn Lie sigbjorn at nixtra.com
Sun Jan 26 13:33:46 EST 2014


On 04/12/13 06:47, Itamar Heim wrote:
> On 12/04/2013 12:19 AM, Sigbjorn Lie wrote:
>> On 16/10/13 00:22, Itamar Heim wrote:
>>> On 10/15/2013 10:31 AM, Sigbjorn Lie wrote:
>>>> Hi,
>>>>
>>>> I am doing a POC of RHEV 3.2 VDI for a customer. Their users are
>>>> located in an IPA server, and
>>>> RHEV and IPA has been connected using rhevm-manage-domains.
>>>>
>>>> During the POC we discovered that users which have expired password
>>>> cannot log on. They receive an
>>>> Incorrect password error message.
>>>>
>>>> 1. They should at least receive a Your password has expired error
>>>> instead of the Incorrect
>>>> password error message as this is confusing for the user.
>>>
>>> 3.3 has the motd to provide some info/url to IPA password changing.
>>>
>> I've installed 3.3 as a test and I can see that it's now correctly
>> advising the user that his password has expired. But it does not provide
>> the user with an option to change his/her password.
>>
>>>>
>>>> 2. This creates a problem, as every time a password is reset in IPA,
>>>> it's automatically set to be
>>>> expired so the user will change password at next logon.
>>>>
>>>> Is there a way around this?
>>>
>>> use the IPA web form to change the password by the user.
>>>
>> This is a manual process for the user to be aware of and will generate
>> calls to the helpdesk. I believe it would create a much better user
>> experience to allow the password to the changed as a part of the login
>> procedure.
>>
>> Or adding an option to work the same way as our current Secure Global
>> Desktop solution allows us to do; Logging in the user with the expired
>> password, and then the password is being changed as a part of the login
>> procedure to the Linux Desktop.
>>
>> And this is a scenario that will be coming up often, as that every time
>> a new user is added or a password is reset for an existing user in Red
>> Hat IdM, the password is set to be expired so that the user is forced to
>> change it on next logon, and no option is provided in Red Hat IdM to
>> work around this.
>>
>> In our environment the users who will use the Linux VDI solution through
>> the User Portal will be using a Windows desktop and this will be their
>> only link into the Linux environment where they're required to log on
>> using a username and password from Red Hat IdM.
>
> the problem is each authentication provider has a different method to 
> change password (no standard for this).
> as a first step, we added in 3.3 the motd option (message of the day), 
> you can use that to put a text specifying in case of password 
> expirtaion to use the IPA web url.
>
> we'll another tweak to manage domains, to allow specyfing the password 
> expirtation web form change url per domain, and show it for password 
> expirtaion.
>
> then we can look about actually supporting this for specific providers.
>
I've got a RHEV 3.3 test environment up running, and I'm trying the motd 
option you recommended. I can set the UserMessageOfTheDay using 
rhevm-config sucessfully, and I see the message displayed on the User 
Portal web page.

However any attempt on adding an URL (to the IPA server) with a <a 
href..> tag or without any html tag, displays the URL and not a link the 
user can click on as expected. Neither can I copy and paste from the MOTD.

Is there any way to produce a clickable link in the motd? Or at least 
allow cut and paste from the motd?


Regards,
Siggi



More information about the Users mailing list