I am trying to use the krblastsuccessfulauth attribute to detect accounts that have been inactive for >90 days, as per this post: https://www.redhat.com/archives/freeipa-users/2015-March/msg00052.html

I need to be able to disable these accounts at 90 days, then delete them after 180 days. However, I find most of my users do not have the krblastsuccessfulauth attribute populated. This is not because their accounts have never been used, as I see they do have valid passwords which expire in the future, so they had to log in at least once (not necessarily with Kerberos though).

Is there another attribute we can/should use for this?
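The 90/180-day triage described in the post, as an added example that is not part of the original message and is not FreeIPA code. It assumes user entries have already been fetched as dictionaries of lowercase attribute name to list of string values, and that timestamps use the `YYYYMMDDHHMMSSZ` GeneralizedTime form; the function names and sample entries are constructed for illustration. Accounts with no krblastsuccessfulauth value are reported separately instead of being treated as inactive.

```python
from datetime import datetime, timedelta, timezone

DISABLE_AFTER = timedelta(days=90)   # thresholds taken from the post
DELETE_AFTER = timedelta(days=180)

def parse_generalized_time(value):
    """Parse a UTC GeneralizedTime string such as '20150301120000Z' (assumed form)."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def classify(entry, now):
    """Return 'active', 'disable', 'delete' or 'unknown' for one user entry."""
    values = entry.get("krblastsuccessfulauth") or []
    if not values:
        # Attribute not populated: there is no recorded Kerberos login to
        # measure from, so flag the account for review rather than acting on it.
        return "unknown"
    idle = now - parse_generalized_time(values[0])
    if idle > DELETE_AFTER:
        return "delete"
    if idle > DISABLE_AFTER:
        return "disable"
    return "active"

def triage(entries, now):
    """Group uids by the action the policy calls for."""
    buckets = {"active": [], "disable": [], "delete": [], "unknown": []}
    for entry in entries:
        buckets[classify(entry, now)].append(entry["uid"][0])
    return buckets

# Constructed sample entries (hypothetical shape: attribute name -> list of values).
SAMPLE = [
    {"uid": ["alice"], "krblastsuccessfulauth": ["20150520083000Z"]},
    {"uid": ["bob"], "krblastsuccessfulauth": ["20150201120000Z"]},
    {"uid": ["carol"], "krblastsuccessfulauth": ["20141001000000Z"]},
    {"uid": ["dave"]},  # attribute missing, as the post reports for most users
]
NOW = datetime(2015, 6, 1, tzinfo=timezone.utc)  # fixed so the result is reproducible

if __name__ == "__main__":
    for action, uids in triage(SAMPLE, NOW).items():
        print(action, uids)
```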