Vitaly wrote:
if you want that the password never expires for some users you should
created a password policy where the password never expires and assign
the policy to the users.
Thank you, Sumit.
As far as I understand, I need to tweak krbPasswordExpiration anyway
if password was changed before password policy was applied.
From another side, I have a weird issue with password policy:
#ipa user-show serviceinvoker --all
....
Member of groups: ...., services
#ipa pwpolicy-show services
Group: services
But
# ipa pwpolicy-show --user serviceinvoker
Group: global_policy
Curious. We'd need to see more details of the password policy, priority
for example.
Does this show the right policy?
ipa user-show --all serviceinvoker |grep krbpwdpolicyreference
On Tue, Jul 2, 2013 at 4:07 PM, Sumit Bose <sb...@redhat.com> wrote:
On Tue, Jul 02, 2013 at 03:41:54PM +0300, Vitaly wrote:
I already read
https://www.redhat.com/archives/freeipa-users/2012-September/msg00026.htmlthread,
but I am not sure I understand suggested solution.
So my question - how I can change krbPasswordExpiration for certain account?
ipa user-mod service --setattr=krbPasswordExpiration=20381231011529Z
if you want that the password never expires for some users you should
created a password policy where the password never expires and assign
the policy to the users.
See 'ipa help pwpolicy' for more details.
HTH
bye,
Sumit
returns
ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the
'krbPasswordExpiration' attribute of entry
'uid=service,cn=users,cn=accounts,dc=example,dc=com'.
TIA,
Vitaly
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users