Thank you Rob. That makes sense but I could have sworn I changed the policy 
before expiration. Resetting it did indeed resolve the issue though. Sorry for 
the headache.
--------------------------------------------
On Mon, 1/12/15, Rob Crittenden <rcrit...@redhat.com> wrote:

 Subject: Re: [Freeipa-users] Password policy for admin account not working
 To: "sipazzo" <sipa...@yahoo.com>, "Freeipa-users@redhat.com" 
<Freeipa-users@redhat.com>
 Date: Monday, January 12, 2015, 11:48 AM
 
 sipazzo wrote:
 >
 
 > Good morning, I created a
 "service" password policy that prevents password
 expiration and gave it a priority of 0. I then created a
 "service" user group and applied the policy to the
 group. I added my admin user to this group so their password
 would not expire. However, it continues to expire anyway. I
 have other (not built-in) accounts that use this policy
 successfully so it seems like the priority is not working
 correctly. I am unable to change the priority on the
 global_policy. Is my only option to add another policy with
 the same config as the global policy but a lower priority
 and assign that to all my users? 
 >
 
 
 Password policy for
 expiration is applied at the time the password is
 changed/set, not retroactively, so you may just
 need to reset the
 password on those
 accounts.
 
 To see what
 policy will be applied to a give user do:
 
 $ ipa pwpolicy-show
 --user=someuser
 
 rob
 

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to