On 02/05/2015 08:32 AM, Matt . wrote:
HI,

I'm already doing so without any luck. If you remember something,
would be nice to know!

So it should be possible to do still ?

Do the
ipa user-show --raw, there will be a time stamp. It is krbPasswordExpiration attribute. It will be set to the user creation time (or something like, i.e. in the past). I think you can use ipa user-mod --setaddr... to set it to a value into the future.


2015-02-05 14:26 GMT+01:00 Dmitri Pal <d...@redhat.com>:
On 02/05/2015 07:59 AM, Matt . wrote:
Hi,

OK, but as far as I understand we made some change, using a
commandline command which I cannot remember or find, which goes around
the password policy, or the attribute you talk about, when you add a
user.

Can I change that globally? As we did it seems... but we were testing
so much back those days that it seems to be lost or so.

I do not remember the detils from top of my head. You can probably try to
search the mail archives.


Thanks,

Matt

2015-02-05 13:21 GMT+01:00 Dmitri Pal <d...@redhat.com>:
On 02/05/2015 05:54 AM, Matt . wrote:
In the past we have done some testsetups with password expiring after
we added a user, at the moment I have difficulties with this on 4.1.2

What I need is the following:

- We add a user using json/kinit
- The user is added in the right way
- tThe user should be able to use his set password by the admin (at
least
ldap)

At the moment the password is expired directly and I tried adding the
user with min/max lifetime to 0/0 which didn't work out. Als 0/500
doesn't seem to fix my issue.

I thought we had to do a little but more to accomplish this, but I'm
not able to find this (anymore)

Does someone have a clue how to fix this ? I'm quite sure this is
possible.

Thanks,

Matt

It was always the feature of IPA to require password change on the first
login after it was created.
If you do not want it to be expired you need to change the expiration
attribute of the account not min max life.

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project


--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.



--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to