Steven Jones wrote:
Is there a way for a standard user to query how long before his password
is going to expire?

ie locally we can do chage --list <user>

chage requires shadow passwords IIRC and we don't provide that map in sssd. Off the top of my head I think the only way to get it would be an ldapsearch which would be rather nasty. Would be relatively easy to script up I suppose.

Also if the password is expired is there a grace period past which a
user cant reset when they next login?

I don't believe so.

I notice that there are commands like,

ipa pwpolicy-show --user=jsmith

"ipa" isnt installed on std IPA clients? what package is needed to allow
users access to this command, would allowing them access be a problem?

The ipa tool is in the [free]ipa-admintools package. There is no reason you can't install this on every client, we just figured it would be overkill to include it by default.


Freeipa-users mailing list

Reply via email to