On 12/09/2014 08:43 PM, Thomas Lau wrote:
FreeIPA Default is using 60days password expiry, how could I change it?
You go to password policies and change the global password policy.
You change MAX lifetime.
This is a global setting it will apply to new passwords/keytabs when
they are changed next time.
You can create other policies and apply them to groups it you need.
Also, for existing accounts, can I just change krbPasswordExpiration
I think the answer is yes.
anywhere else I need to change?
I think the answer is no
do I need to generate keytab
on Kerberos to activate new expiry date?
If you change the expiration in the attribute then no.
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project