[Freeipa-users] Account Expiration
Rob Crittenden
rcritten at redhat.com
Wed Feb 13 20:34:51 UTC 2013
James James wrote:
> What is the IIRC docs ?
IIRC == If I Recall Correctly.
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/html-single/Identity_Management_Guide/index.html#pwd-expiration
rob
>
>
> 2013/2/13 Rob Crittenden <rcritten at redhat.com <mailto:rcritten at redhat.com>>
>
> Petr Spacek wrote:
>
> On 12.2.2013 20:21, John Dennis wrote:
>
> On 02/12/2013 01:40 PM, Rob Crittenden wrote:
>
> Is it possible to ipa to send a email to user when
> his account is about
> to expire (the current date is near
> krbprincipalexpiration date) ?
>
>
> Not currently. In 3.0+ we will provide a notice when one
> logs into the
> WebUI but that's it.
>
> We can't be sure that an MTA is properly configured on
> the IPA server at
> install time so we have punted on this for a while. We
> don't want to get
> into the business of picking and configuring one. This
> is one of those
> things that seems really easy but gets complicated the
> deeper you dig
> into it. We're open to suggestions/patches.
>
>
> Yeah, I don't think we want to be in the business of
> installing and
> configuring an MTA. However, we should be able to detect if
> one is
> available
> and use it if it is. I think it would be reasonable to
> restrict it to
> LMTP
> with a Unix domain socket (most MTA's support this). Then
> our config
> would
> have a LMTP domain socket pathname, if that pathname exists
> and we can
> connect
> to it we use, if not we fallback to not generating any mail.
>
>
> In meanwhile, it should be relatively simple to code script
> which does
> ldapsearch from time to time and sends some e-mails. This script
> doesn't
> have to run on the same server as IPA, only access to LDAP and
> some MTA
> is required.
>
>
> Yes, that is our current recommendation. There is a sample query in
> the docs IIRC.
>
> rob
>
>
> _________________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
> https://www.redhat.com/__mailman/listinfo/freeipa-users
> <https://www.redhat.com/mailman/listinfo/freeipa-users>
>
>
More information about the Freeipa-users
mailing list