URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password 

HonzaCholasta commented:
The `admin` user is not allowed to write to the attribute:
$ kinit admin
Password for ad...@abc.idm.lab.eng.brq.redhat.com: 
$ ipa user-mod jcholast --password-expiration=now
ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the 
'krbPasswordExpiration' attribute of entry 
Please update the "Admin can manage any entry" ACI in 

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to