On Mon, 2013-07-15 at 20:25 -0500, KodaK wrote:
> On Mon, Jul 15, 2013 at 7:04 PM, Dmitri Pal <d...@redhat.com> wrote:
>         You probably want to remove krbPwdHistory attribute and set
>         krbPwdHistoryLength to 0.
> Just so I'm clear:  I only want to do a one-time erase for one user so
> he can use a password he was using
> earlier.  We changed it for testing and I don't think that should be
> held against him. :)
> I'm not sure if this disables password history for that user or just
> clears it.

If you remove the krbPwdHistory attribute from the user's entry the user
will have no history.
That should be sufficient to allow you to change 'back' his password.

Other means are: change the password as many times as
krbPwdHistoryLength says and finally you'll be able to start again
setting the old password.


Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to