Matt . wrote: > OK, nice,but this user failed on kinit but is in the group where the > policy is set to 0. > > Can I check on the commandline if it applies to that setting by > querying ldap in some way ? It could be that some other group > overrules in some way ?
$ ipa pwpolicy-show --user <someuser> > What about sysaccounts ? They seem to be locked also with too many > logins, and this concerns me as they are not POSIX. They may be getting the global policy applied. rob > > > > 2016-01-14 15:16 GMT+01:00 Rob Crittenden <rcrit...@redhat.com>: >> Matt . wrote: >>> Hi Guys, >>> >>> I'm having an issue that a user which I use for the API is getting >>> locked out from time to time. >>> >>> I have created a specific password policy for this user with: >>> >>> Lockout duration (seconds) 0 >>> >>> But this doesn't help much. >>> >>> Anyone an idea how I can make sure a user is not locked out in any way >>> by lots of logins or tries, etc and be able to test it functions >>> allright ? >> >> Setting maxfail to 0 should do it. As for testing, be creative, but be >> sure to test both LDAP bind and kinit. >> >> rob >> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
