Re: [Freeipa-users] Password policy for admin account not working
Thank you Rob. That makes sense but I could have sworn I changed the policy before expiration. Resetting it did indeed resolve the issue though. Sorry for the headache. On Mon, 1/12/15, Rob Crittenden wrote: Subject: Re: [Freeipa-users] Password policy for admin account not working To: "sipazzo" , "Freeipa-users@redhat.com" Date: Monday, January 12, 2015, 11:48 AM sipazzo wrote: > > Good morning, I created a "service" password policy that prevents password expiration and gave it a priority of 0. I then created a "service" user group and applied the policy to the group. I added my admin user to this group so their password would not expire. However, it continues to expire anyway. I have other (not built-in) accounts that use this policy successfully so it seems like the priority is not working correctly. I am unable to change the priority on the global_policy. Is my only option to add another policy with the same config as the global policy but a lower priority and assign that to all my users? > Password policy for expiration is applied at the time the password is changed/set, not retroactively, so you may just need to reset the password on those accounts. To see what policy will be applied to a give user do: $ ipa pwpolicy-show --user=someuser rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] Password policy for admin account not working
sipazzo wrote: > > Good morning, I created a "service" password policy that prevents password > expiration and gave it a priority of 0. I then created a "service" user group > and applied the policy to the group. I added my admin user to this group so > their password would not expire. However, it continues to expire anyway. I > have other (not built-in) accounts that use this policy successfully so it > seems like the priority is not working correctly. I am unable to change the > priority on the global_policy. Is my only option to add another policy with > the same config as the global policy but a lower priority and assign that to > all my users? > Password policy for expiration is applied at the time the password is changed/set, not retroactively, so you may just need to reset the password on those accounts. To see what policy will be applied to a give user do: $ ipa pwpolicy-show --user=someuser rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
[Freeipa-users] Password policy for admin account not working
Good morning, I created a "service" password policy that prevents password expiration and gave it a priority of 0. I then created a "service" user group and applied the policy to the group. I added my admin user to this group so their password would not expire. However, it continues to expire anyway. I have other (not built-in) accounts that use this policy successfully so it seems like the priority is not working correctly. I am unable to change the priority on the global_policy. Is my only option to add another policy with the same config as the global policy but a lower priority and assign that to all my users? -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project