On Mon, 2012-12-17 at 11:00 -0800, Brian Cook wrote:
> >>>>> 
> >>>>> Is it possible to lock out an user account on a set date?
> >>>>> 
> >>>>> 
> >>>> 
> >>>> You should be able to set the krbPrincipalExpiration attribute to expire
> >>>> an account on a set date.
> >>>> 
> >>>> However note this: https://fedorahosted.org/freeipa/ticket/3305
> >>>> 
> >>>> 
> >>>> 
> >>>> It means ti will work with krb auth but not with ldap binds for now.
> >>>> 
> >>>> 
> >>>> 
> >>> 
> >>> Thanks! That worked like a charm!!
> >>> 
> >>> 
> >>> Is there any active ticket to have this property exposed for editing in 
> >>> the IPA CLI / WEBUI?
> >>> 
> >> 
> >> No, an RFE ticket would be welcome though.
> >> 
> > 
> > Ok, for the record:
> > 
> > https://bugzilla.redhat.com/show_bug.cgi?id=887988
> > 
> > 
> > Rgds,
> > Siggi
> > 
> 
> It would be better though to have a real account expiration setting in the UI 
> that not only set krbPrincipalExpiration but also locked the ldap user 
> account and any other appropriate actions.
> 
> 
> Brian

Brian,
that's what #3305 above is for.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to