On Mon, 2012-12-17 at 11:00 -0800, Brian Cook wrote: > >>>>> > >>>>> Is it possible to lock out an user account on a set date? > >>>>> > >>>>> > >>>> > >>>> You should be able to set the krbPrincipalExpiration attribute to expire > >>>> an account on a set date. > >>>> > >>>> However note this: https://fedorahosted.org/freeipa/ticket/3305 > >>>> > >>>> > >>>> > >>>> It means ti will work with krb auth but not with ldap binds for now. > >>>> > >>>> > >>>> > >>> > >>> Thanks! That worked like a charm!! > >>> > >>> > >>> Is there any active ticket to have this property exposed for editing in > >>> the IPA CLI / WEBUI? > >>> > >> > >> No, an RFE ticket would be welcome though. > >> > > > > Ok, for the record: > > > > https://bugzilla.redhat.com/show_bug.cgi?id=887988 > > > > > > Rgds, > > Siggi > > > > It would be better though to have a real account expiration setting in the UI > that not only set krbPrincipalExpiration but also locked the ldap user > account and any other appropriate actions. > > > Brian
Brian, that's what #3305 above is for. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
