thanks a lot for your answer. The krbPrincipalExpiration should do the job.
2013/1/28 Martin Kosek <mko...@redhat.com>
> On 01/28/2013 12:14 PM, James James wrote:
> > Hi, in 389-ds there is a nice plugin I love, it's account policy. You
> can set
> > account expiration date and the account will be inactive at this day.
> > Is there a way to have this feature with freeipa ?
> > Regards.
> > James
> Hello James,
> FreeIPA user plugin does not support this feature, you would need to hack
> it in
> the plugin yourselves (patches welcome :-).
> Generally, you should be able to set account expiration to
> krbPrincipalExpiration attribute of the user account and it should just
> You can also check few tickets we have already few tickets filed for better
> handling of this attribute:
> [RFE] Allow admins to change expiration attribute for the accounts
> KrbPrincipalExpiration should be checked in pre-bind op
> [RFE] Expose the krbPrincipalExpiration attribute for editing in the IPA
> CLI /
> Anyway, if you want a support for this particular plugin, you can file an
> to Trac/Bugzilla which we will further process.
Freeipa-users mailing list