Re: [Freeipa-users] deleting password history?

[KodaK]

On Mon, Jul 15, 2013 at 7:04 PM, Dmitri Pal d...@redhat.com wrote:

 You probably want to remove krbPwdHistory attribute and set
 krbPwdHistoryLength to 0.


 Just so I'm clear:  I only want to do a one-time erase for one user so he
can use a password he was using
earlier.  We changed it for testing and I don't think that should be held
against him. :)

I'm not sure if this disables password history for that user or just clears
it.

Thanks,

--Jason

-- 
The government is going to read our mail anyway, might as well make it
tough for them.  GPG Public key ID:  B6A1A7C6
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] deleting password history?

[Simo Sorce]

On Mon, 2013-07-15 at 20:25 -0500, KodaK wrote:
 
 
 On Mon, Jul 15, 2013 at 7:04 PM, Dmitri Pal d...@redhat.com wrote:
 You probably want to remove krbPwdHistory attribute and set
 krbPwdHistoryLength to 0.
 
 Just so I'm clear:  I only want to do a one-time erase for one user so
 he can use a password he was using
 earlier.  We changed it for testing and I don't think that should be
 held against him. :)
 
 
 I'm not sure if this disables password history for that user or just
 clears it.

If you remove the krbPwdHistory attribute from the user's entry the user
will have no history.
That should be sufficient to allow you to change 'back' his password.

Other means are: change the password as many times as
krbPwdHistoryLength says and finally you'll be able to start again
setting the old password.

Simo.


-- 
Simo Sorce * Red Hat, Inc * New York

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users