>>>>> 
>>>>> Is it possible to lock out an user account on a set date?
>>>>> 
>>>>> 
>>>> 
>>>> You should be able to set the krbPrincipalExpiration attribute to expire
>>>> an account on a set date.
>>>> 
>>>> However note this: https://fedorahosted.org/freeipa/ticket/3305
>>>> 
>>>> 
>>>> 
>>>> It means ti will work with krb auth but not with ldap binds for now.
>>>> 
>>>> 
>>>> 
>>> 
>>> Thanks! That worked like a charm!!
>>> 
>>> 
>>> Is there any active ticket to have this property exposed for editing in the 
>>> IPA CLI / WEBUI?
>>> 
>> 
>> No, an RFE ticket would be welcome though.
>> 
> 
> Ok, for the record:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=887988
> 
> 
> Rgds,
> Siggi
> 

It would be better though to have a real account expiration setting in the UI 
that not only set krbPrincipalExpiration but also locked the ldap user account 
and any other appropriate actions.


Brian

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to