Hi, OK, but as far as I understand we made some change, using a commandline command which I cannot remember or find, which goes around the password policy, or the attribute you talk about, when you add a user.
Can I change that globally? As we did it seems... but we were testing so much back those days that it seems to be lost or so. Thanks, Matt 2015-02-05 13:21 GMT+01:00 Dmitri Pal <[email protected]>: > On 02/05/2015 05:54 AM, Matt . wrote: >> >> In the past we have done some testsetups with password expiring after >> we added a user, at the moment I have difficulties with this on 4.1.2 >> >> What I need is the following: >> >> - We add a user using json/kinit >> - The user is added in the right way >> - tThe user should be able to use his set password by the admin (at least >> ldap) >> >> At the moment the password is expired directly and I tried adding the >> user with min/max lifetime to 0/0 which didn't work out. Als 0/500 >> doesn't seem to fix my issue. >> >> I thought we had to do a little but more to accomplish this, but I'm >> not able to find this (anymore) >> >> Does someone have a clue how to fix this ? I'm quite sure this is >> possible. >> >> Thanks, >> >> Matt >> > It was always the feature of IPA to require password change on the first > login after it was created. > If you do not want it to be expired you need to change the expiration > attribute of the account not min max life. > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager IdM portfolio > Red Hat, Inc. > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go To http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
