Thank you Rob. That makes sense but I could have sworn I changed the policy 
before expiration. Resetting it did indeed resolve the issue though. Sorry for 
the headache.
On Mon, 1/12/15, Rob Crittenden <> wrote:

 Subject: Re: [Freeipa-users] Password policy for admin account not working
 To: "sipazzo" <>, "" 
 Date: Monday, January 12, 2015, 11:48 AM
 sipazzo wrote:
 > Good morning, I created a
 "service" password policy that prevents password
 expiration and gave it a priority of 0. I then created a
 "service" user group and applied the policy to the
 group. I added my admin user to this group so their password
 would not expire. However, it continues to expire anyway. I
 have other (not built-in) accounts that use this policy
 successfully so it seems like the priority is not working
 correctly. I am unable to change the priority on the
 global_policy. Is my only option to add another policy with
 the same config as the global policy but a lower priority
 and assign that to all my users? 
 Password policy for
 expiration is applied at the time the password is
 changed/set, not retroactively, so you may just
 need to reset the
 password on those
 To see what
 policy will be applied to a give user do:
 $ ipa pwpolicy-show

Manage your subscription for the Freeipa-users mailing list:
Go To for more info on the project

Reply via email to