
Hi,

 

Has anyone encountered a scheduled password change failing due to a permission denied error, while a forced password change successfully changes the password? The system is Ubuntu, and I wonder what the difference is between those 2 functionalities. The account settings option for the Ubuntu managed account is configured to use a functional account when changing the password, and Use Own Credential is disabled. If I try to simulate the password change on the server, the passwd <managed account> command doesn’t work, failing with the error “passwd: You may not view or modify password information for <managed account>”. If I run the command sudo passwd <managed account>, it requires us to input the sudo password.

 

With these two commands unable to work properly, I wonder why the force change password works? Any idea?

 

Cheers~!

Hello ​@mcencienzo 

The commands used to schedule a password change and to force a change should be the exact same.
The difference is the forced change is initiated right away from the appliance you are logged into and a scheduled change is sent to the change queue to be picked up by the change agent. If you’re using an OnPrem setup in an Active / Active environment, the scheduled change could be picked up by any of the active appliances and the change would originate from that system.

Try setting the sudo elevation for the functional account as per our guide.
functional_account ALL=(ALL) NOPASSWD: /usr/bin/grep, /usr/bin/sed, /usr/bin/tee, /usr/bin/passwd

https://docs.beyondtrust.com/bips/docs/ps-dss-authentication#create-a-functional-account-on-the-unix-or-linux-platform

Regards,

John
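
The sudoers rule in the reply above can be checked on each managed host before relying on scheduled changes. The script below is an added example, not part of the thread or of BeyondTrust's documentation; the function name `missing_nopasswd`, the simplified single-line rule parsing, and both sample rules are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list the required commands that a sudoers rule does NOT
# grant to an account with NOPASSWD. Simplified parser (assumption): one
# rule per line, no aliases, no line continuations, no escaped commas.

REQUIRED="/usr/bin/grep /usr/bin/sed /usr/bin/tee /usr/bin/passwd"

# missing_nopasswd USER   (sudoers text is read from stdin)
# Prints each required command that lacks a NOPASSWD grant, one per line.
missing_nopasswd() {
  awk -v user="$1" -v required="$REQUIRED" '
    /^[ \t]*#/ { next }                       # skip comment lines
    $1 == user {
      line = $0
      # drop the "user host=(runas)" prefix, keep the command list
      sub(/^[^=]*=[ \t]*(\([^)]*\))?[ \t]*/, "", line)
      n = split(line, cmds, ",")
      tag = "PASSWD"                          # sudo default: password required
      for (i = 1; i <= n; i++) {
        c = cmds[i]
        gsub(/^[ \t]+|[ \t]+$/, "", c)
        # a tag applies to its command and to the ones that follow it
        if (c ~ /^NOPASSWD:/)    { tag = "NOPASSWD"; sub(/^NOPASSWD:[ \t]*/, "", c) }
        else if (c ~ /^PASSWD:/) { tag = "PASSWD";   sub(/^PASSWD:[ \t]*/, "", c) }
        split(c, w, /[ \t]+/)                 # w[1] is the command path
        if (tag == "NOPASSWD") ok[w[1]] = 1
      }
    }
    END {
      m = split(required, req, " ")
      for (i = 1; i <= m; i++) if (!(req[i] in ok)) print req[i]
    }'
}

# Constructed samples: the rule from the reply, and a rule in which
# passwd is listed before the NOPASSWD tag and tee is missing.
GOOD='functional_account ALL=(ALL) NOPASSWD: /usr/bin/grep, /usr/bin/sed, /usr/bin/tee, /usr/bin/passwd'
BAD='functional_account ALL=(ALL) /usr/bin/passwd, NOPASSWD: /usr/bin/grep, /usr/bin/sed'

echo "GOOD rule, missing grants:"
printf '%s\n' "$GOOD" | missing_nopasswd functional_account
echo "BAD rule, missing grants:"
printf '%s\n' "$BAD" | missing_nopasswd functional_account
```

On a live host, `visudo -cf <file>` checks the syntax of a sudoers file and `sudo -l -U functional_account` (run as root) lists the rules that actually apply to the account. Since the rule lets the account run sed, tee and passwd as root without a password, protect its credential as you would root's.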

 

