Hi, Spec: Red Hat Enterprise Linux Server release 6.2 (Santiago) ipa-admintools-2.1.3-9.el6.x86_64 ipa-client-2.1.3-9.el6.x86_64 ipa-pki-ca-theme-9.0.3-7.el6.noarch ipa-pki-common-theme-9.0.3-7.el6.noarch ipa-python-2.1.3-9.el6.x86_64 ipa-server-2.1.3-9.el6.x86_64 ipa-server-selinux-2.1.3-9.el6.x86_64
Issue: Firstly I'll declare someone must have seen this by now? I've set the password policy to 99999; [root@sysvm-ipa ~]# ipa pwpolicy-show Group: global_policy Max lifetime (days): 99999 Min lifetime (hours): 1 History size: 0 Character classes: 0 Min length: 6 Max failures: 6 Failure reset interval: 60 Lockout duration: 600 But old accounts are not getting the change at the ldap level, even though IPA claims the expiry date has updated. e.g. [root@sysvm-ipa ~]# ipa pwpolicy-show --user=john Group: global_policy Max lifetime (days): 99999 Min lifetime (hours): 1 History size: 0 Character classes: 0 Min length: 6 Max failures: 6 Failure reset interval: 60 Lockout duration: 600 ldapsearch (command chopped) # john, users, accounts, teratext.saic.com.au dn: uid=john,cn=users,cn=accounts,dc=example,dc=com krbPasswordExpiration: 20120506011529Z So now when the user(s) logs in, I'm getting "password will expire in XX days" messages. Any ideas? Can I globally update this somehow, otherwise I'll be re-typing passwords for a while. cya Craig _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
