Steven Jones wrote:
Login as directory manager?

Right, something like:

$ ldappasswd -x -D 'cn=directory manager' -W -S uid=admin,cn=users,cn=accounts,dc=example,dc=com

And don't set the maxlife to anything greater than say 4000.



Steven Jones

Technical Specialist - Linux RHCE

Victoria University ITS,

Level 8 Rankin Brown Building,

Wellington, NZ


0064 4 463 6272

From: <> on behalf of Mario Gonzalez <>
Sent: Tuesday, 15 April 2014 9:13 a.m.
Subject: [Freeipa-users] Locked out admin


I changed the max password life parameter to 30000 and now I cannot get
back in to undo it. If I try to do 'kinit admin' I only get a 'Password
expired. You must change it now' dialog that ends with:

kinit: Password has expired while getting initial credentials

Unfortunately, as this is the 'admin' account, I cannot undo the damage.

Is there any way to fix this or have I messed up totally?


Freeipa-users mailing list
