sipazzo wrote:
> Good morning, I created a "service" password policy that prevents password 
> expiration and gave it a priority of 0. I then created a "service" user group 
> and applied the policy to the group. I added my admin user to this group so 
> their password would not expire. However, it continues to expire anyway. I 
> have other (not built-in) accounts that use this policy successfully so it 
> seems like the priority is not working correctly. I am unable to change the 
> priority on the global_policy. Is my only option to add another policy with 
> the same config as the global policy but a lower priority and assign that to 
> all my users? 

Password policy for expiration is applied at the time the password is
changed/set, not retroactively, so you may just need to reset the
password on those accounts.

To see what policy will be applied to a give user do:

$ ipa pwpolicy-show --user=someuser


Manage your subscription for the Freeipa-users mailing list:
Go To for more info on the project

Reply via email to