Re: [Freeipa-users] Remove password exiration after useradd

2015-02-05 Thread Dmitri Pal
On 02/05/2015 05:54 AM, Matt . wrote: In the past we have done some test setups with password expiring after we added a user, at the moment I have difficulties with this on 4.1.2. What I need is the following: - We add a user using json/kinit - The user is added in the right way - The user

Re: [Freeipa-users] Remove password exiration after useradd

2015-02-05 Thread Matt .
Hi, I'm already doing so without any luck. If you remember something, would be nice to know! So it should be possible to do still? 2015-02-05 14:26 GMT+01:00 Dmitri Pal d...@redhat.com: On 02/05/2015 07:59 AM, Matt . wrote: Hi, OK, but as far as I understand we made some change, using a

Re: [Freeipa-users] Remove password exiration after useradd

2015-02-05 Thread Dmitri Pal
On 02/05/2015 07:59 AM, Matt . wrote: Hi, OK, but as far as I understand we made some change, using a command-line command which I cannot remember or find, which goes around the password policy, or the attribute you talk about, when you add a user. Can I change that globally? As we did it

Re: [Freeipa-users] Remove password exiration after useradd

2015-02-05 Thread Dmitri Pal
On 02/05/2015 08:32 AM, Matt . wrote: Hi, I'm already doing so without any luck. If you remember something, would be nice to know! So it should be possible to do still? Do the ipa user-show --raw, there will be a time stamp. It is krbPasswordExpiration attribute. It will be set to the user

Re: [Freeipa-users] Remove password exiration after useradd

2015-02-05 Thread Matt .
Hi, OK, but as far as I understand we made some change, using a command-line command which I cannot remember or find, which goes around the password policy, or the attribute you talk about, when you add a user. Can I change that globally? As we did it seems... but we were testing so much back

Re: [Freeipa-users] Remove password exiration after useradd

2015-02-05 Thread Rob Crittenden
Matt . wrote: Hi, I'm already doing so without any luck. If you remember something, would be nice to know! So it should be possible to do still? If the DN of the entry adding the password is in passSyncManagersDNs in the entry dn: cn=ipa_pwd_extop,cn=plugins,cn=config then the password

Re: [Freeipa-users] Remove password exiration after useradd

2015-02-05 Thread Martin Kosek
On 02/05/2015 01:21 PM, Dmitri Pal wrote: On 02/05/2015 05:54 AM, Matt . wrote: In the past we have done some test setups with password expiring after we added a user, at the moment I have difficulties with this on 4.1.2. What I need is the following: - We add a user using json/kinit - The

Re: [Freeipa-users] Remove password exiration after useradd

2015-02-05 Thread Matt .
Hi, Thanks, this brought me further. I don't see that attribute while kinit as admin. When I use an ldap editor and log in as DM on my full cn domain I can get into kerberos = My DN = cn=global policy. When I set the krbMaxPwdLife very high this doesn't matter, I need to higher up the first

Re: [Freeipa-users] Remove password exiration after useradd

2015-02-05 Thread Matt .
OK this works out good, I can log in without changing my password directly. But my expire is still on a day which should be set higher. min is on 0 everywhere, max is 90 days. How to accomplish that? 2015-02-05 17:13 GMT+01:00 Matt . yamakasi@gmail.com: Yes, when receiving your email I

Re: [Freeipa-users] Remove password exiration after useradd

2015-02-05 Thread Rob Crittenden
Matt . wrote: OK this works out good, I can log in without changing my password directly. But my expire is still on a day which should be set higher. min is on 0 everywhere, max is 90 days. How to accomplish that? I can't think of a way without modifying code. Changing the password

Re: [Freeipa-users] Remove password exiration after useradd

2015-02-05 Thread Matt .
Yes, when receiving your email I found that indeed. My ldapEditor doesn't allow me to add that value, so this needs to be done using the command line? 2015-02-05 15:03 GMT+01:00 Rob Crittenden rcrit...@redhat.com: Matt . wrote: Hi, I'm already doing so without any luck. If you remember