[Freeipa-users] User expiration on a certain date
Simo Sorce
simo at redhat.com
Mon Dec 17 19:04:26 UTC 2012
On Mon, 2012-12-17 at 11:00 -0800, Brian Cook wrote:
> >>>>>
> >>>>> Is it possible to lock out an user account on a set date?
> >>>>>
> >>>>>
> >>>>
> >>>> You should be able to set the krbPrincipalExpiration attribute to expire
> >>>> an account on a set date.
> >>>>
> >>>> However note this: https://fedorahosted.org/freeipa/ticket/3305
> >>>>
> >>>>
> >>>>
> >>>> It means ti will work with krb auth but not with ldap binds for now.
> >>>>
> >>>>
> >>>>
> >>>
> >>> Thanks! That worked like a charm!!
> >>>
> >>>
> >>> Is there any active ticket to have this property exposed for editing in the IPA CLI / WEBUI?
> >>>
> >>
> >> No, an RFE ticket would be welcome though.
> >>
> >
> > Ok, for the record:
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=887988
> >
> >
> > Rgds,
> > Siggi
> >
>
> It would be better though to have a real account expiration setting in the UI that not only set krbPrincipalExpiration but also locked the ldap user account and any other appropriate actions.
>
>
> Brian
Brian,
that's what #3305 above is for.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list