Hi,

I am setting up an LDAP connection from our Identity Management system which provisions our IPA servers with fresh users and groups. I set it up pretty nice so far, with some added privileges for change admin passwords and avoiding password resets. But when we create a brand new user with a password, IPA resets the krbPasswordExpiration to match the IPA password policy - but we have another policy in our central identity management which gets must get set at user create time.


So the question is:
Is there any way I can avoid getting krbPasswordExpiration reset to match the password policy?

and a followup question:
Is this the same with AD sync? passwords from AD gets synced, but expiration is determined by local password policies on the IPA servers?
--

Martin R Mortensen
Linux Specialist

University of Copenhagen

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to