Petr Vobornik wrote:
On 08/28/2012 09:44 AM, free...@noboost.org wrote:
Hi All,

System:
Red Hat Enterprise Linux Server release 6.3 (Santiago)
ipa-server-2.2.0


Question:
Has anyone managed to to actually set an expiry date (or longer 900+
day expiry
time) on user account passwords in IPA?

From my testing, the default of 90 days is hard coded and the only way
to extend it is via LDAP and the "krbPasswordExpiration:" attribute?

cya

Craig


Hi Craig,

You can set password policies for various user groups. In IPA is a
dafault policy: global_policy. You can change password max life to 1000
days by following command:

# ipa pwpolicy-mod --maxlife=1000

Or in Web UI: Policy/Password Policies/global_policy

When user resets his password this policy will be applied on it.

IPA CLI and Web UI don't have options to set user password's expiration
date directly.


I just want to stress one point here. The expiration date is set when a password is changed. Changing the policy does not affect current password expiration dates.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to