[Freeipa-users] password policy
Rob Crittenden
rcritten at redhat.com
Tue May 1 02:07:25 UTC 2012
Steven Jones wrote:
> Is there a way for a standard user to query how long before his password
> is going to expire?
>
> ie locally we can do chage --list <user>
chage requires shadow passwords IIRC and we don't provide that map in
sssd. Off the top of my head I think the only way to get it would be an
ldapsearch which would be rather nasty. Would be relatively easy to
script up I suppose.
> Also if the password is expired is there a grace period past which a
> user cant reset when they next login?
I don't believe so.
> I notice that there are commands like,
>
> ipa pwpolicy-show --user=jsmith
>
> "ipa" isnt installed on std IPA clients? what package is needed to allow
> users access to this command, would allowing them access be a problem?
The ipa tool is in the [free]ipa-admintools package. There is no reason
you can't install this on every client, we just figured it would be
overkill to include it by default.
rob
More information about the Freeipa-users
mailing list