[Freeipa-users] Password expiration after reset
Hi guys, I'm trying to populate FreeIPA (4.2.3) using API, but after user creation (and password has been set) user must change password at first logon. Same beahviour after a password change by admin. Although this behaviour is desirable in many situations, I can't afford it, I've got to import tens of thousands users, and I can't force them to change their password. How can I bypass this password change? And, by the way: is there a way to disable password expiration? Thanks in advance, Giulio -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Password expiration after reset
On Wed, 16 Dec 2015, Giulio Casella wrote: Hi guys, I'm trying to populate FreeIPA (4.2.3) using API, but after user creation (and password has been set) user must change password at first logon. Same beahviour after a password change by admin. Although this behaviour is desirable in many situations, I can't afford it, I've got to import tens of thousands users, and I can't force them to change their password. How can I bypass this password change? And, by the way: is there a way to disable password expiration? http://www.freeipa.org/page/New_Passwords_Expired If you are using API to create users and set their passwords, you can use technique like described here: https://www.redhat.com/archives/freeipa-users/2012-June/msg00360.html -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Password expiration after reset
Il 16/12/2015 16:07, Alexander Bokovoy ha scritto: On Wed, 16 Dec 2015, Giulio Casella wrote: Hi guys, I'm trying to populate FreeIPA (4.2.3) using API, but after user creation (and password has been set) user must change password at first logon. Same beahviour after a password change by admin. Although this behaviour is desirable in many situations, I can't afford it, I've got to import tens of thousands users, and I can't force them to change their password. How can I bypass this password change? And, by the way: is there a way to disable password expiration? http://www.freeipa.org/page/New_Passwords_Expired If you are using API to create users and set their passwords, you can use technique like described here: https://www.redhat.com/archives/freeipa-users/2012-June/msg00360.html Thank you for the info Alexander, I wasn't aware of the page /ipa/session/change_password. After creating a user via API in the usual way (json submission to /ipa/session/json) I can perform a password change submitting user credential to /ipa/session/change_password, thus resetting password expiration accordingly to system settings. It works like a charme. Thank you again, Giulio. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project