Não é possível alterar a senha do FreeIPA admin - “A vida útil mínima da senha atual não expirou”

Temos um sistema baseado em FreeIPA, a senha do administrador expirou e precisa ser alterada, mas o procedimento padrão de mudança de senha por SSH falha:

sashka@cellar ~ ssh [email protected]
[email protected]'s password: 
Password expired. Change your password now.
Last failed login: Mon Jun 30 15:38:21 MSK 2014 from 116.10.191.195 on ssh:notty
There were 6071 failed login attempts since the last successful login.
Last login: Wed Apr 16 19:28:54 2014
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user admin.
Current Password: 
New password: 
Retype new password: 
Password change failed. Server message: Current password's minimum life has not expired

Password not changed.
passwd: Authentication token manipulation error
Connection to ipa.xxxxxxxxxx.com closed.

Se tentarmos alterar a senha usando passwd , ela também falhará com a mesma mensagem de erro:

[admin@ipa ~]$ passwd
Changing password for user admin.
Current Password: 
New password: 
Retype new password: 
Password change failed. Server message: Current password's minimum life has not expired

Password not changed.
passwd: Authentication token manipulation error
[admin@ipa ~]$

O que devemos fazer para resolver esta situação?