[Fedora-directory-users] Re: force password change from web apps
Richard Megginson
rmeggins at redhat.com
Mon May 22 14:34:50 UTC 2006
Mikael Kermorgant wrote:
> I could formulate my question this way :
>
> Which attribute would be best suited to indicate a third application
> that the user who logs in must change his password ? Does such an
> attribute exist ?
If the password has expired, you could check for the operational
attribute passwordExpirationTime. If your clocks are closely sync'ed,
you can determine if passwordExpirationTime > now.
If you have enabled "grace" logins (allow the user to bind and change
the password after the expiration time), you can check for the presence
of the operational attribute passwordGraceUserTime.
If you are using a minimum password age, you can check the operational
attribute passwordAllowChangeTime to find out when the user is allowed
to change the password.
>
> Best regards,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20060522/ab60d213/attachment.bin>
More information about the Fedora-directory-users
mailing list