URL: https://github.com/freeipa/freeipa/pull/621 Title: #621: Add --password-expiration to allow an admin to force a password change
HonzaCholasta commented: """ @redhatrises, the "Admin can manage any entry" ACI in fact contains a blacklist of attributes which admins aren't allowed to write. To actually fix the issue you must also remove `krbPasswordExpiration` from the "Admin can manage any entry" ACI. """ See the full comment at https://github.com/freeipa/freeipa/pull/621#issuecomment-290347117
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
