On 05/03/2016 08:20 AM, Rakesh Rajasekharan wrote:
> Hi,
> I am running a freeipa server 4.2.x.
> I have the following password global password policy set to force a history 
> of 3
> ipa pwpolicy-mod global_policy --history=3 --maxlife=90 --minlength=8 
> --maxfail=3 --failinterval=300
> This works good when the user himself changes the password.. and IPA does not 
> allow reusing older password.
> However, if the admin resets it "ipa user-mod testuser --random" then it 
> seems 
> to reset the password history as well and the user can now re-use his older 
> password
> Is this expected or is there something I can do about it.

Good question, CCing Simo on this one.

> Also, is there a way to get the password expiry warning at the terminal when 
> a 
> user logs in , something similar to the "pwdExpireWarning" in ldap.
> I searched a bit and could only find setting up email alerts .

CCing Jakub from SSSD team.


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to