[Freeipa-devel] [freeipa PR#621][comment] Add --password-expiration to allow an admin to force a password change
HonzaCholasta
freeipa-github-notification at redhat.com
Wed Mar 29 14:48:54 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password change
HonzaCholasta commented:
"""
The `admin` user is not allowed to write to the attribute:
```
$ kinit admin
Password for admin at ABC.IDM.LAB.ENG.BRQ.REDHAT.COM:
$ ipa user-mod jcholast --password-expiration=now
ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the 'krbPasswordExpiration' attribute of entry 'uid=jcholast,cn=users,cn=accounts,dc=abc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com'.
```
Please update the "Admin can manage any entry" ACI in `install/updates/20-aci.update`.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/621#issuecomment-290114123
More information about the Freeipa-devel
mailing list