On Mon, 2013-07-15 at 20:25 -0500, KodaK wrote:
On Mon, Jul 15, 2013 at 7:04 PM, Dmitri Pal d...@redhat.com wrote:
You probably want to remove krbPwdHistory attribute and set
krbPwdHistoryLength to 0.
Just so I'm clear: I only want to do a one-time erase for one user so
he can use a password he was using
earlier. We changed it for testing and I don't think that should be
held against him. :)
I'm not sure if this disables password history for that user or just
clears it.
If you remove the krbPwdHistory attribute from the user's entry the user
will have no history.
That should be sufficient to allow you to change 'back' his password.
Other means are: change the password as many times as
krbPwdHistoryLength says and finally you'll be able to start again
setting the old password.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users