On 08/28/2014 04:18 PM, Zip Ly wrote:
Hi,
I'm trying to change a user password without reset.
If I use the (primary) admin to change the password then it doesn't
need a password reset, because the expire lifetime is 90 days.
But if I create a second admin, then every password change made by the
second admin needs a password reset, because the password is expired
immediately.
1a) Does anyone knows how I can change the policy/privilege of the
second admin so every password change doesn't require a reset?
1b) and is it possible to set a different expire lifetime like zero
for unlimited lifetime?
You are probably changing password for the admin himself.
Isn't there a different flow when admin changes his own password?
It's almost the same bugreport as
https://fedorahosted.org/freeipa/ticket/2795 but the difference is
there should be 2 policies: one for changing your own password and
another for resetting other users password.
2) Are there more differences in policies between the first (primary)
admin and the second admin you just created?
Kind regards,
Zip
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project