URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password
change
MartinBasti commented:
"""
master:
* 274b0bcf5ff2408739d94ba1b1b4bca69f310dfc Add --password-expiration to allow
admin to force user password expiration
"""
URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password
change
HonzaCholasta commented:
"""
Works for me. Thanks!
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/621#issuecomment-290635083
--
Manage you
URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password
change
redhatrises commented:
"""
@HonzaCholasta I also removed `krbPasswordExpiration` from the "Admin can
manage any entry" ACI.
"""
See the full comment at
https:/
URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password
change
HonzaCholasta commented:
"""
@redhatrises, the "Admin can manage any entry" ACI in fact contains a blacklist
of attributes which admins aren't allowed to write.
URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password
change
redhatrises commented:
"""
@HonzaCholasta updated "Admins can write passwords" ACI to contain
'krbPasswordExpiration' as the "Admin can manage any entry" ACI alr
URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password
change
HonzaCholasta commented:
"""
The `admin` user is not allowed to write to the attribute:
```
$ kinit admin
Password for ad...@abc.idm.lab.eng.brq.redhat.com:
$ ip
URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password
change
redhatrises commented:
"""
> @redhatrises, datetime.utcnow() is what I meant.
Oh good. Ready for your review.
"""
See the full comment at
https://github.com/fr
URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password
change
HonzaCholasta commented:
"""
@redhatrises, `datetime.utcnow()` is what I meant.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/621#issuecom
URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password
change
redhatrises commented:
"""
@HonzaCholasta used `datetime.utcnow()` as I couldn't find a reference for
`datetime.utctime()`
"""
See the full comment at
https://