Hebert, Henry wrote:
Aha! See Max failures below...
[root@hostname ~]# ipa pwpolicy-show --user=admin
Group: global_policy
Max lifetime (days): 365
Min lifetime (hours): 1
History size: 1
Character classes: 1
Min length: 8
Max failures: 12
Failure reset interval: 0
Lockout duration: 0
is there a command like pam_tally2 for ipa to reset the number of failed
logins?
ipa user-unlock <user>
You need to be in the admins group to execute this. The account is
permanently lock (until unlocked) because the lockout duration is 0,
meaning forever.
If you have the DM password we can use that account to unlock admin if
you have no other users in the admins group.
rob
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
