I am setting up an LDAP connection from our Identity Management system
which provisions our IPA servers with fresh users and groups.
I set it up pretty nice so far, with some added privileges for change
admin passwords and avoiding password resets.
But when we create a brand new user with a password, IPA resets the
krbPasswordExpiration to match the IPA password policy - but we have
another policy in our central identity management which gets must get
set at user create time.
So the question is:
Is there any way I can avoid getting krbPasswordExpiration reset to
match the password policy?
and a followup question:
Is this the same with AD sync? passwords from AD gets synced, but
expiration is determined by local password policies on the IPA servers?
Martin R Mortensen
University of Copenhagen
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project