On ma, 06 maalis 2017, David Kupka wrote:
On Fri, Mar 03, 2017 at 08:44:45PM +0530, Rakesh Rajasekharan wrote:

Am using Freeipa 4.4 version .

I would like to create few users only valid for few days or  months. So,is
there a way to create few users with a preset expiration or auto lock those
accounts after a few days

Hello Rhakesh,
AFAIK there's no mechanism to Lock the user account after period of time or at
specified time. You need to call "ipa user-disable LOGIN" manually.

Actually, no. You can use krbPrincipalExpiration attribute to force
account to expire. Once it is expired, both Kerberos and LDAP password
bind will refuse it operating.

Use --principal-expiration=DATETIME to 'ipa user-mod'.

/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to