URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password 
change

HonzaCholasta commented:
"""
The `admin` user is not allowed to write to the attribute:
```
$ kinit admin
Password for ad...@abc.idm.lab.eng.brq.redhat.com: 
$ ipa user-mod jcholast --password-expiration=now
ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the 
'krbPasswordExpiration' attribute of entry 
'uid=jcholast,cn=users,cn=accounts,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com'.
```
Please update the "Admin can manage any entry" ACI in 
`install/updates/20-aci.update`.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/621#issuecomment-290114123
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to