Hi, I saw another solution for your problem - you can define a user as "passSyncManager". Then that particular user will be able to set passwords for other users without having them immediately expired. This is especially handy when you have periodic synchronization with some external account management system, from which you get passwords.
This was described here, but I think it was removed from later versions of RHEL documentation: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/identity_management_guide/pass-sync Anyway, I tested it, and I think it worked... maybe one day it stopped working (or will stop). Example: ``` # ldapmodify -x -D "cn=Directory Manager" -W Enter LDAP Password: dn: cn=ipa_pwd_extop,cn=plugins,cn=config changetype: modify add: passSyncManagersDNs passSyncManagersDNs: uid=ext-provisioner,cn=users,cn=accounts,dc=ims,dc=telekom,dc=de ``` -- Regards, Dmitry Perets. "The more one knows, the less opinions he shares" -- Wilhelm Schwebel _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
