>if you want that the password never expires for some users you should
>created a password policy where the password never expires and assign
>the policy to the users.
Thank you, Sumit.
As far as I understand, I need to tweak krbPasswordExpiration anyway
if password was changed before password policy was applied.
>From another side, I have a weird issue with password policy:
#ipa user-show serviceinvoker --all
Member of groups: ...., services
#ipa pwpolicy-show services
# ipa pwpolicy-show --user serviceinvoker
On Tue, Jul 2, 2013 at 4:07 PM, Sumit Bose <sb...@redhat.com> wrote:
> On Tue, Jul 02, 2013 at 03:41:54PM +0300, Vitaly wrote:
>> I already read
>> but I am not sure I understand suggested solution.
>> So my question - how I can change krbPasswordExpiration for certain account?
>> ipa user-mod service --setattr=krbPasswordExpiration=20381231011529Z
> if you want that the password never expires for some users you should
> created a password policy where the password never expires and assign
> the policy to the users.
> See 'ipa help pwpolicy' for more details.
>> ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the
>> 'krbPasswordExpiration' attribute of entry
>> Freeipa-users mailing list
> Freeipa-users mailing list
Freeipa-users mailing list