On 09/02/2014 10:42 AM, Zip Ly wrote:
> @Martin
>
> The second admin is my service account. I use this account to communicate
> with our web application (it uses keytab and post/curl json to ipa). I can
> add users without a problem. But when it comes to changing password, the
> password is expired immediately.
>
> I have only one password policy and that's the 'global_policy'. The
> --maxlife you mentioned only affects this policy. If I use this service
> account to change the user password, the policy is ignored just as stated
> in the ipa wiki. Even if I set the --maxlife to 200, if the password is
> being reset by this first admin, then the expire date is set to 90 days
> or expired immediately by the second admin/service account.
>
> That's why I want to know how to change this 90 days and also apply it for
> the service account.

What version of FreeIPA do you use? Maybe you are hitting
https://fedorahosted.org/freeipa/ticket/3968
that we fixed in FreeIPA 3.3.3.

Martin