URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password 

HonzaCholasta commented:
@redhatrises, the "Admin can manage any entry" ACI in fact contains a blacklist 
of attributes which admins aren't allowed to write. To actually fix the issue 
you must also remove `krbPasswordExpiration` from the "Admin can manage any 
entry" ACI.

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to