Hi, I have a server with noggin attached to a freeipa server.
I reset password for a user who has OTP enabled.
He can successfully log in but when it's forced to change password he can't. I tried myself. If in the "current password" field I put the temporary password I got the error:
[Mon Jul 08 15:34:02.670812 2024] [wsgi:error] [pid 16867:tid 16875] [remote HIDDEN:36792] ipa: INFO: WSGI change_password.__call__:
[Mon Jul 08 15:34:02.672335 2024] [wsgi:error] [pid 16867:tid 16875] [remote HIDDEN:36792] ipa: INFO: WSGI change_password: start password change of user 'rotondo'
[Mon Jul 08 15:34:02.678140 2024] [wsgi:error] [pid 16867:tid 16875] [remote HIDDEN:36792] ipa: INFO: 200 Success: The old password or username is not correct.
I made a second attempt filling with "temporary password+OTP token". In this case the log is slightly different, but the result the same
The only way to make password reset work is to force, from admin interface, the usage of simple "Password" method against "Two factor authentication (password + OTP)"
On the other hand, I tried to change password from the user interface. In that case there is a form for the OTP and there is no problem to change password. So my question is:
Could you fix the interface for the password reset and give the possibility to specify OTP token even in case of password expired?
Hi, I have a server with noggin attached to a freeipa server. I reset password for a user who has OTP enabled. He can successfully log in but when it's forced to change password he can't. I tried myself. If in the "current password" field I put the temporary password I got the error:
I made a second attempt filling with "temporary password+OTP token". In this case the log is slightly different, but the result the same
The only way to make password reset work is to force, from admin interface, the usage of simple "Password" method against "Two factor authentication (password + OTP)"
On the other hand, I tried to change password from the user interface. In that case there is a form for the OTP and there is no problem to change password. So my question is:
Could you fix the interface for the password reset and give the possibility to specify OTP token even in case of password expired?
Thank you in advance.
Riccardo