On 08/28/2012 09:44 AM, free...@noboost.org wrote:
Red Hat Enterprise Linux Server release 6.3 (Santiago)
Has anyone managed to to actually set an expiry date (or longer 900+ day expiry
time) on user account passwords in IPA?
From my testing, the default of 90 days is hard coded and the only way
to extend it is via LDAP and the "krbPasswordExpiration:" attribute?
You can set password policies for various user groups. In IPA is a
dafault policy: global_policy. You can change password max life to 1000
days by following command:
# ipa pwpolicy-mod --maxlife=1000
Or in Web UI: Policy/Password Policies/global_policy
When user resets his password this policy will be applied on it.
IPA CLI and Web UI don't have options to set user password's expiration
Freeipa-users mailing list