[Freeipa-users] Account Expiration

James James jreg2k at gmail.com
Thu Feb 7 00:20:02 UTC 2013


Can somebody give me some help to set krbPrincipalExpiration from the
freeipa ui?

Many thanks


2013/1/28 James James <jreg2k at gmail.com>

> Hi Martin,
> thanks a lot for your answer. The krbPrincipalExpiration should do the job.
>
> Regards.
>
>
> 2013/1/28 Martin Kosek <mkosek at redhat.com>
>
>> On 01/28/2013 12:14 PM, James James wrote:
>> > Hi, in 389-ds there is a nice plugin I love, it's account policy. You can set
>> > account expiration date and the account will be inactive at this day.
>> >
>> >
>> > http://directory.fedoraproject.org/wiki/Account_Policy_Design#Detailed_Design_of_Account_Expiration
>> >
>> > Is there a way to have this feature with freeipa ?
>> >
>> > Regards.
>> >
>> >
>> > James
>> >
>>
>> Hello James,
>>
>> FreeIPA user plugin does not support this feature, you would need to hack it in
>> the plugin yourself (patches welcome :-).
>>
>> Generally, you should be able to set account expiration to
>> krbPrincipalExpiration attribute of the user account and it should just work.
>> You can also check a few tickets we have already filed for better
>> handling of this attribute:
>>
>> https://fedorahosted.org/freeipa/ticket/3062
>> [RFE] Allow admins to change expiration attribute for the accounts
>>
>> https://fedorahosted.org/freeipa/ticket/3305
>> KrbPrincipalExpiration should be checked in pre-bind op
>>
>> https://fedorahosted.org/freeipa/ticket/3306
>> [RFE] Expose the krbPrincipalExpiration attribute for editing in the IPA CLI / WEBUI
>>
>>
>> Anyway, if you want support for this particular plugin, you can file an RFE
>> to Trac/Bugzilla which we will further process.
>>
>> HTH,
>> Martin
>>
>
>
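
Added example, not part of the thread and not FreeIPA's own code: one way to prepare the direct LDAP change suggested above, building an LDIF modify record that sets krbPrincipalExpiration (a GeneralizedTime value) and reading such a value back to check whether an account has expired. The function names, the default user container cn=users,cn=accounts, and the sample uid and suffix are assumptions; the output is meant to be fed to ldapmodify by an administrator.

```python
from datetime import datetime, timezone

# Assumption: FreeIPA's default user container; the suffix is passed in.
USER_CONTAINER = "cn=users,cn=accounts"
GT_FORMAT = "%Y%m%d%H%M%SZ"  # LDAP GeneralizedTime, whole seconds, UTC


def escape_rdn_value(value: str) -> str:
    """Escape a uid for use inside a DN (RFC 4514 special characters)."""
    if not value or not value.isascii() or not value.isprintable():
        raise ValueError("uid must be non-empty printable ASCII")
    out = []
    for i, ch in enumerate(value):
        edge_space = ch == " " and i in (0, len(value) - 1)
        if ch in ',+"\\<>;=' or edge_space or (i == 0 and ch == "#"):
            out.append("\\")
        out.append(ch)
    return "".join(out)


def to_generalized_time(when: datetime) -> str:
    """Render an aware datetime as UTC GeneralizedTime."""
    if when.tzinfo is None:
        raise ValueError("expiration must be timezone-aware")
    return when.astimezone(timezone.utc).strftime(GT_FORMAT)


def is_expired(value: str, now: datetime) -> bool:
    """True if a stored krbPrincipalExpiration value is at or before `now`."""
    expires = datetime.strptime(value, GT_FORMAT).replace(tzinfo=timezone.utc)
    return expires <= now


def expiration_ldif(uid: str, when: datetime, suffix: str) -> str:
    """LDIF modify record that sets krbPrincipalExpiration on one user."""
    dn = f"uid={escape_rdn_value(uid)},{USER_CONTAINER},{suffix}"
    return (f"dn: {dn}\n"
            "changetype: modify\n"
            "replace: krbPrincipalExpiration\n"
            f"krbPrincipalExpiration: {to_generalized_time(when)}\n")


if __name__ == "__main__":
    # Constructed sample: user "jdoe" in dc=example,dc=com, expiring 2013-03-01 UTC.
    print(expiration_ldif("jdoe", datetime(2013, 3, 1, tzinfo=timezone.utc),
                          "dc=example,dc=com"))
```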