Petr Vobornik wrote:
On 08/28/2012 09:44 AM, free...@noboost.org wrote:
Red Hat Enterprise Linux Server release 6.3 (Santiago)
Has anyone managed to to actually set an expiry date (or longer 900+
time) on user account passwords in IPA?
From my testing, the default of 90 days is hard coded and the only way
to extend it is via LDAP and the "krbPasswordExpiration:" attribute?
You can set password policies for various user groups. In IPA is a
dafault policy: global_policy. You can change password max life to 1000
days by following command:
# ipa pwpolicy-mod --maxlife=1000
Or in Web UI: Policy/Password Policies/global_policy
When user resets his password this policy will be applied on it.
IPA CLI and Web UI don't have options to set user password's expiration
I just want to stress one point here. The expiration date is set when a
password is changed. Changing the policy does not affect current
password expiration dates.
Freeipa-users mailing list