[Freeipa-users] Account Expiration
James James
jreg2k at gmail.com
Mon Jan 28 20:14:00 UTC 2013
Hi Martin,
thanks a lot for your answer. The krbPrincipalExpiration should do the job.
Regards.
2013/1/28 Martin Kosek <mkosek at redhat.com>
> On 01/28/2013 12:14 PM, James James wrote:
> > Hi, in 389-ds there is a nice plugin I love, it's account policy. You
> can set
> > account expiration date and the account will be inactive at this day.
> >
> >
> http://directory.fedoraproject.org/wiki/Account_Policy_Design#Detailed_Design_of_Account_Expiration
> >
> > Is there a way to have this feature with freeipa ?
> >
> > Regards.
> >
> >
> > James
> >
>
> Hello James,
>
> FreeIPA user plugin does not support this feature, you would need to hack
> it in
> the plugin yourselves (patches welcome :-).
>
> Generally, you should be able to set account expiration to
> krbPrincipalExpiration attribute of the user account and it should just
> work.
> You can also check few tickets we have already few tickets filed for better
> handling of this attribute:
>
> https://fedorahosted.org/freeipa/ticket/3062
> [RFE] Allow admins to change expiration attribute for the accounts
>
> https://fedorahosted.org/freeipa/ticket/3305
> KrbPrincipalExpiration should be checked in pre-bind op
>
> https://fedorahosted.org/freeipa/ticket/3306
> [RFE] Expose the krbPrincipalExpiration attribute for editing in the IPA
> CLI /
> WEBUI
>
>
> Anyway, if you want a support for this particular plugin, you can file an
> RFE
> to Trac/Bugzilla which we will further process.
>
> HTH,
> Martin
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130128/82263e33/attachment.htm>
More information about the Freeipa-users
mailing list