[Freeipa-users] Account Expiration

Martin Kosek mkosek at redhat.com
Mon Jan 28 15:58:59 UTC 2013


On 01/28/2013 12:14 PM, James James wrote:
> Hi, in 389-ds there is a nice plugin I love, it's account policy. You can set
> an account expiration date and the account will be inactive on that day.
> 
> http://directory.fedoraproject.org/wiki/Account_Policy_Design#Detailed_Design_of_Account_Expiration
> 
> Is there a way to have this feature with FreeIPA?
> 
> Regards.
> 
> 
> James
> 

Hello James,

The FreeIPA user plugin does not support this feature; you would need to hack it
into the plugin yourself (patches welcome :-).

Generally, you should be able to set the account expiration in the
krbPrincipalExpiration attribute of the user account and it should just work.
You can also check a few tickets we have already filed for better
handling of this attribute:

https://fedorahosted.org/freeipa/ticket/3062
[RFE] Allow admins to change expiration attribute for the accounts

https://fedorahosted.org/freeipa/ticket/3305
KrbPrincipalExpiration should be checked in pre-bind op

https://fedorahosted.org/freeipa/ticket/3306
[RFE] Expose the krbPrincipalExpiration attribute for editing in the IPA CLI /
WEBUI


Anyway, if you want support for this particular plugin, you can file an RFE
in Trac/Bugzilla, which we will process further.

HTH,
Martin
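
Added example, not part of the original message or of FreeIPA's own code: a Python sketch that builds the LDIF change setting krbPrincipalExpiration for one user and lists the entries in a search result whose expiration has already passed. The DN layout (cn=users,cn=accounts under the suffix), the suffix dc=example,dc=com, the function names and the sample entries are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

GT_FORMAT = "%Y%m%d%H%M%SZ"  # LDAP GeneralizedTime, UTC, whole seconds


def to_generalized_time(when):
    """Format a timezone-aware datetime as GeneralizedTime in UTC."""
    return when.astimezone(timezone.utc).strftime(GT_FORMAT)


def expiration_ldif(uid, when, suffix="dc=example,dc=com"):
    """LDIF for ldapmodify that sets krbPrincipalExpiration on one user."""
    # Assumption: user entries live under cn=users,cn=accounts,<suffix>.
    return (
        f"dn: uid={uid},cn=users,cn=accounts,{suffix}\n"
        "changetype: modify\n"
        "replace: krbPrincipalExpiration\n"
        f"krbPrincipalExpiration: {to_generalized_time(when)}\n"
    )


def expired_principals(ldif_text, now):
    """Return DNs from search-result LDIF whose expiration is at or before now."""
    expired = []
    for block in ldif_text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                attrs[key.lower()] = value.strip()
        stamp = attrs.get("krbprincipalexpiration")
        if stamp is None or "dn" not in attrs:
            continue  # attribute absent: no expiration is set on this entry
        # Only the plain UTC form is parsed; other forms raise ValueError.
        expires = datetime.strptime(stamp, GT_FORMAT).replace(tzinfo=timezone.utc)
        if expires <= now:
            expired.append(attrs["dn"])
    return expired


# Constructed sample search output (not real data).
SAMPLE = """\
dn: uid=alice,cn=users,cn=accounts,dc=example,dc=com
krbPrincipalExpiration: 20130101000000Z

dn: uid=bob,cn=users,cn=accounts,dc=example,dc=com
krbPrincipalExpiration: 20991231235959Z

dn: uid=carol,cn=users,cn=accounts,dc=example,dc=com
"""

if __name__ == "__main__":
    print(expiration_ldif("james", datetime(2013, 6, 30, 22, 0, tzinfo=timezone.utc)))
    print(expired_principals(SAMPLE, datetime.now(timezone.utc)))
```
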
