[Freeipa-devel] [freeipa PR#621][comment] Add --password-expiration to allow an admin to force a password change
HonzaCholasta
freeipa-github-notification at redhat.com
Thu Mar 30 08:58:21 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/621
Title: #621: Add --password-expiration to allow an admin to force a password change
HonzaCholasta commented:
"""
@redhatrises, the "Admin can manage any entry" ACI in fact contains a blacklist of attributes which admins aren't allowed to write. To actually fix the issue you must also remove `krbPasswordExpiration` from the "Admin can manage any entry" ACI.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/621#issuecomment-290347117
More information about the Freeipa-devel
mailing list