From Fedora Project Wiki
Description
Test user password changes with FreeIPA web interface and command line.
Setup
- Deploy a correctly-configured FreeIPA domain controller. You can follow:
- QA:Testcase_Server_role_deploy with the Domain Controller role to deploy a FreeIPA domain controller on Fedora 28 or earlier
- QA:Testcase_freeipa_trust_server_installation to deploy a FreeIPA domain controller on Fedora 29 or later
- Enrol a test system in the domain. There are various ways to do this. You will find several test cases you can follow in the Server release validation test cases, FreeIPA test cases, and Realmd test cases
- Log in to the FreeIPA web UI (use the IPA server's hostname as the URL) as 'admin', go to 'Policy' and then 'Password Policies', open 'global_policy' and set the 'Min lifetime (hours)' to 0
How to test
- Log in to the FreeIPA web UI (use the IPA server's hostname as the URL) as any domain user
- Browse to the user's page (if you log in as a non-admin user, this will be the first page you see)
- Click 'Actions' then 'Reset Password' and change the password
- Log out of the web UI
- Open a console
- Run
kinit (user)
, where (user) is the name of the user account whose password you just changed - Enter the new password
- Run
ipa user-mod (user) --password
, again substituting the user name for (user), and change the password again - Attempt to run
kinit
again, log in to the web UI again, or log in to the system using the new password
Expected Results
- You should encounter no errors when changing the password or running
kinit
- Authenticating with the new password after each change should succeed