Dmitri Pal wrote:
On 02/10/2013 11:22 PM, Rajnesh Kumar Siwal wrote:
The details are as follows:-
[root@ipa1 ~]# ipa pwpolicy-show
Group: global_policy
Max lifetime (days): 90
Min lifetime (hours): 1
History size: 0
Character classes: 0
Min length: 12
Max failures: 6
Failure reset interval: 60
Lockout duration: 600
[root@ipa1 ~]# ipa user-show siwal --all --raw
dn: uid=siwal,cn=users,cn=accounts,dc=xyz,dc=dmz
uid: siwal
sn: Kumar
cn: siwal
homedirectory: /home/siwal
loginshell: /bin/bash
krbprincipalname: [email protected]
uidnumber: 522
gidnumber: 522
nsaccountlock: False
has_password: True
has_keytab: True
ipauniqueid: 65775332-712f-11e2-b3cc-000c298a58a4
krblastpwdchange: 20130208035343Z
krblastsuccessfulauth: 20130208035929Z
krbpasswordexpiration: 20130208035343Z
memberof: cn=ipausers,cn=groups,cn=accounts,dc=xyz,dc=dmz
memberofindirect: cn=software,cn=groups,cn=accounts,dc=xyz,dc=dmz
objectclass: krbticketpolicyaux
objectclass: ipaobject
objectclass: organizationalperson
objectclass: top
objectclass: ipasshuser
objectclass: inetorgperson
objectclass: person
objectclass: inetuser
objectclass: krbprincipalaux
objectclass: shadowaccount
objectclass: posixaccount
objectclass: ipaSshGroupOfPubKeys
shadowlastchange: 14879
shadowmax: 99999
shadowmin: 0
shadowwarning: 7

Shadow? Is this normal for IPA accounts? I do not remember seeing it before.

They have added the shadowAccount objectclass. I also don't see a
password policy reference in this user.

Does ipa pwpolicy-show --user=siwal return anything?

You might check /var/log/dirsrv/slapd-YOUR_REALM/errors for any issues.

And note that there is a minimum lifetime on passwords so they can't be
changed too quickly.

rob
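
An added example, not written by anyone in this thread and not FreeIPA code: it parses the two outputs quoted above and reports the password timestamps against the policy values. The function names, the `now` parameter and the simple "last change + lifetime" arithmetic are assumptions made for illustration; the server's own enforcement logic may differ.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: lines copied from the command output quoted in the thread.
USER_RAW = """\
krblastpwdchange: 20130208035343Z
krblastsuccessfulauth: 20130208035929Z
krbpasswordexpiration: 20130208035343Z
objectclass: krbprincipalaux
objectclass: shadowaccount
"""
POLICY = """\
Max lifetime (days): 90
Min lifetime (hours): 1
"""

def parse_fields(text):
    """Parse 'key: value' lines into a dict of lists (attributes may repeat)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def gtime(value):
    """Convert an LDAP GeneralizedTime (20130208035343Z) to an aware UTC datetime."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def password_state(user_text, policy_text, now):
    """Summarise the password timestamps relative to the policy at time `now`."""
    user, policy = parse_fields(user_text), parse_fields(policy_text)
    changed = gtime(user["krblastpwdchange"][0])
    expires = gtime(user["krbpasswordexpiration"][0])
    # Assumption: both lifetimes are counted from krblastpwdchange.
    earliest = changed + timedelta(hours=int(policy["min lifetime (hours)"][0]))
    classes = [c.lower() for c in user.get("objectclass", [])]
    return {
        "expired": expires <= now,
        "expires_at_last_change": expires == changed,
        "policy_expiry": changed + timedelta(days=int(policy["max lifetime (days)"][0])),
        "earliest_change": earliest,
        "inside_min_lifetime": now < earliest,
        "has_shadowaccount": "shadowaccount" in classes,
    }
```

For the entry shown, the expiration equals the last change time rather than the last change plus 90 days, so the password is already expired at any later `now`.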