[Freeipa-users] kinit - gui
Rob Crittenden
rcritten at redhat.com
Thu Aug 1 20:24:15 UTC 2013
Hebert, Henry wrote:
> Aha! See Max failures below...
>
> [root at hostname ~]# ipa pwpolicy-show --user=admin
> Group: global_policy
> Max lifetime (days): 365
> Min lifetime (hours): 1
> History size: 1
> Character classes: 1
> Min length: 8
> Max failures: 12
> Failure reset interval: 0
> Lockout duration: 0
>
> is there a command like pam_tally2 for ipa to reset the number of failed
> logins?
ipa user-unlock <user>
You need to be in the admins group to execute this. The account is
permanently lock (until unlocked) because the lockout duration is 0,
meaning forever.
If you have the DM password we can use that account to unlock admin if
you have no other users in the admins group.
rob
More information about the Freeipa-users
mailing list