Steven Jones wrote:
Is there a way for a standard user to query how long before his password
is going to expire?
ie locally we can do chage --list <user>
chage requires shadow passwords IIRC and we don't provide that map in
sssd. Off the top of my head I think the only way to get it would be an
ldapsearch which would be rather nasty. Would be relatively easy to
script up I suppose.
Also if the password is expired is there a grace period past which a
user cant reset when they next login?
I don't believe so.
I notice that there are commands like,
ipa pwpolicy-show --user=jsmith
"ipa" isnt installed on std IPA clients? what package is needed to allow
users access to this command, would allowing them access be a problem?
The ipa tool is in the [free]ipa-admintools package. There is no reason
you can't install this on every client, we just figured it would be
overkill to include it by default.
Freeipa-users mailing list