I am trying to use the krblastsuccessfulauth attribute to detect accounts that 
have been inactive for >90 days as per this post: 
I need to be able to disable these accounts at 90 days then delete them after 
180 days.
However, I find most of my users do not have the krblastsuccessfulauth 
attribute populated. This is not because their accounts have never been used as 
I see they do have valid passwords which expire in the future so they had to 
login at least once (not necessarily with Kerberos though). Is there another 
attribute we can/should use for this?

Justean Giger
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to