[Freeipa-users] How to disable user automatically when he becomes locked
Natxo Asenjo
natxo.asenjo at gmail.com
Wed Dec 4 10:44:04 UTC 2013
On Wed, Dec 4, 2013 at 10:59 AM, Исаев Виталий Анатольевич
<isaev at fintech.ru> wrote:
> Dear Freeipa users and developers,
>
>
>
> We need to alter the default behavior of the IdM server in the situation
> when user exceeds the limit of incorrect password login attempts.
>
> By default the user is getting locked in this case, but we need to disable
> him fully.
As in, delete the user? Because locking the account is disabling it
unless I misunderstand it. I cannot log in, my cron jobs will fail, I
cannot use any ldap/kerberos service because my account is disabled.
What do you need exactly? Or maybe you refer to the fact that the lock
is temporary (standard 600 seconds, after which you may try logging in
again? In that case, change that in the password policies (in the web
interface, policy tab, then password policy, then open the
global_policy, then edit the lockout duration field and update it.
--
Groet,
Natxo
More information about the Freeipa-users
mailing list