<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi,<br>
<br>
I am setting up an LDAP connection from our Identity Management
system which provisions our IPA servers with fresh users and groups.<br>
I set it up pretty nice so far, with some added privileges for
change admin passwords and avoiding password resets.<br>
But when we create a brand new user with a password, IPA resets the
krbPasswordExpiration to match the IPA password policy - but we have
another policy in our central identity management which gets must
get set at user create time.<br>
<br>
So the question is:<br>
Is there any way I can avoid getting krbPasswordExpiration reset to
match the password policy?<br>
<br>
and a followup question:<br>
Is this the same with AD sync? passwords from AD gets synced, but
expiration is determined by local password policies on the IPA
servers?<br>
<div class="moz-signature">-- <br>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title></title>
<meta name="generator" content="LibreOffice 4.2.8.2 (Linux)">
<meta name="author" content="Martin Mortensen">
<meta name="created" content="20150224;91312788439017">
<meta name="changedby" content="Martin Mortensen">
<meta name="changed" content="20150224;92319227743406">
<style type="text/css">
<!--
@page { margin: 0.79in }
p { margin-bottom: 0.1in; line-height: 120% }
a:link { so-language: zxx }
-->
</style>
<p><font face="Utopia, serif"><span lang="da-DK">
Martin R Mortensen<br>
Linux Specialist<br>
</span></font></p>
<p><font face="Utopia, serif"><span lang="da-DK">University of
Copenhagen<br>
</span></font></p>
</div>
</body>
</html>