Hi everyone, I noticed that when users change their passwords through the #/selfservice/passwordchange path, then the password only gets updated on kerberos/samba through PAM as far as I can see, so all logins through LDAP still use the old password. but when I use #/selfservice/passwordforgotten, only then it gets updated in LDAP.
Is this a bug or am I doing something wrong here?
umc/self-service/allow-authenticated-use is set to true
we need more details to be able to find out the problem.
The self service password-forgot method sets the new password via UDM and therefore all 3 hash types are set: userPassword, SambaNTPassword and krb5Key.
The regular password change via PAM uses pam-krb5 to change the password. The Kerbereos server behind it (Heimdal or Samba4) will change all 3 password hashes also via UDM.
ah ok understood, so it could be a timing or congestion issue, or some service in between not acting fast enough?
I noticed now on our systems that both paths work again now.
What logs/configs would you need to investigate? I can provide them, thank you!