Hi JR,

Thanks and I'm sorry for the delay.
Your idea is good and I used something like that for other openldap
implementation but in this case I need that all my users continue using
their userid and pass in order to log in.
We use NoMachine for Remote Access  and this application has problem
with password expiration or password change that is the reason why I was
thinking bypass the password policies.
Please let me know if you need any additional information about it.


On 09/20/2013 04:10 PM, JR Aquino wrote:
> Is your client simply using LDAP to bind and authenticate your service?
> If so, you may be able to create a special dedicated sysaccount in: 
> cn=sysaccounts,cn=etc,dc=domain,dc=com
> This account could be used to bind your service without having it be a member 
> of the standard users database subjected to Password Policy expirations etc.
> "You cannot hope to secure that which you do not first understand"
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Jr Aquino | Sr. Information Security Specialist
> GXPN | GIAC Exploit Researcher and Advanced Penetration Tester
> GCIH | GIAC Certified Incident Handler
> GWAPT | GIAC WebApp Penetration Tester
> Citrix Online | 7408 Hollister Avenue | Goleta, CA 
> 93117<x-apple-data-detectors://0/0>
> T:  +1 805.690.3478<tel:+1%C2%A0805.690.3478>
> C: +1 805.717.0365<tel:+1%20805.717.0365>
> jr.aqu...@citrix.com<mailto:jr.aqu...@citrixonline.com>
> http://www.citrixonline.com<http://www.citrixonline.com/>
> On Sep 18, 2013, at 10:00 AM, cbul...@gmail.com<mailto:cbul...@gmail.com> 
> wrote:
> Hi,
> We have a client server connected to the IPA server using NIS. It's
> working well but we have a service running at client server that doesn't
> handle the password expiration properly.
> Is it possible to bypass the Password Policies from this client server?
> Thanks!
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com<mailto:Freeipa-users@redhat.com>
> https://www.redhat.com/mailman/listinfo/freeipa-users

Freeipa-users mailing list

Reply via email to