[Freeipa-users] Password Expiration Grace Limit
Ott, Dennis
Dennis.Ott at mckesson.com
Fri Sep 14 18:33:34 UTC 2012
There seems to be nothing in the documentation about a user being able to initiate a password change dialogue after their password has expired, yet it seems that one is able to do just that. There is a value in the ldap store, passwordGraceLimit, which is initialized to zero. I have modified that value but it seems to have no effect.
I would like to limit this ability to just a few days, or alternatively, completely lock out the account once the password has expired.
Does anyone have any insight as to how to do this? If not, is it planned for a future release?
I suppose I could look at a script running daily that would lock the account if the user's password has expired in the last X hours, but I was hoping for something builtin.
Any help is appreciated.
Dennis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120914/1c2cbc21/attachment.htm>
More information about the Freeipa-users
mailing list