Problem:
During execution of the join-script provided by Keycloak, the following error appears in /var/log/univention/join.log:
creating keycloak kerberos user
Password policy error: is too simple.
/usr/lib/univention-install/50keycloak.inst: FATAL:
EXITCODE=2
Cause:
A password complexity rule, defined by the UCR variable password/quality/credit/other, requires the new password to contain characters which are neither letters nor digits.
The password for the keycloak kerberos user krbkeycloak is generated by makepasswd --chars 20, which doesn't use special characters.
Workaround:
Disable the complexity rule during the execution of the join-script. When using a policy, overwrite it using the “force” switch:
ucr set --force password/quality/credit/other='0'
Once the join-script has been executed successfully, re-enable the required setting:
ucr unset --force password/quality/credit/other
Further executions of the join-script will detect that the user already exists and skip the creation.
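One way to script the workaround so that the forced override is always removed again, even if the join-script fails or is interrupted. This is an added example, not part of the original article; rerunning the script via univention-run-join-scripts --run-scripts 50keycloak.inst and the UCR_BIN/JOIN_BIN override variables are assumptions.

```shell
#!/bin/sh
# Added example: run the Keycloak join-script with the "other" credit
# temporarily forced to 0, and always drop the forced override afterwards
# so the complexity rule is not left disabled.
# UCR_BIN and JOIN_BIN are hypothetical hooks (assumption) that allow a
# dry run with stand-in commands; by default the real tools are used.
UCR_BIN="${UCR_BIN:-ucr}"
JOIN_BIN="${JOIN_BIN:-univention-run-join-scripts}"
UCRV='password/quality/credit/other'

# The body is a subshell, so the traps only live for this one call.
run_keycloak_join_relaxed() (
    restore() { "$UCR_BIN" unset --force "$UCRV"; }
    # EXIT fires on success and on failure; the join-script's exit
    # status is preserved because restore does not call exit itself.
    trap restore EXIT
    # Turn Ctrl-C / kill into a normal exit so the EXIT trap still runs.
    trap 'exit 130' INT TERM

    "$UCR_BIN" set --force "$UCRV=0" || exit 1
    # Assumption: rerun only the Keycloak join-script.
    "$JOIN_BIN" --run-scripts 50keycloak.inst
)

# Call run_keycloak_join_relaxed as root on the affected UCS system.
```

The function returns the exit status of the join-script, so a non-zero result still means /var/log/univention/join.log needs to be checked.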