hi all,

i'm trying to limit the minimum and maximum lifetime of passwords (in particular the random password when a host is added; but i guess this more general).

(i'm using ipa 3.0 from el6 and also looking at 3.3 from rhel7 beta, but the relevant code seems the same or at least very similar)

i'm currently adding the host first via the api and then setting the random password with host_mod like


(for some reason, this is what is needed on 3.0; anyway, that's not my issue)

is there a way that i can change it easily somehow afterwards (preferred way) or can i create and use a custom pwpolicy class that sets my preferred defaults (min 1 minute, max 20 minutes); or do i monkeypatch the whole class (assuming that pwpolicy_add is called on the user side, not on the server side).

all tips are welcome.

many thanks,


Freeipa-users mailing list

Reply via email to