On ma, 06 maalis 2017, David Kupka wrote:
On Fri, Mar 03, 2017 at 08:44:45PM +0530, Rakesh Rajasekharan wrote:
Am using Freeipa 4.4 version .
I would like to create few users only valid for few days or months. So,is
there a way to create few users with a preset expiration or auto lock those
accounts after a few days
AFAIK there's no mechanism to Lock the user account after period of time or at
specified time. You need to call "ipa user-disable LOGIN" manually.
Actually, no. You can use krbPrincipalExpiration attribute to force
account to expire. Once it is expired, both Kerberos and LDAP password
bind will refuse it operating.
Use --principal-expiration=DATETIME to 'ipa user-mod'.
/ Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project