[Freeipa-users] Password expiration dates are different when being resetted by the (primary) admin and a different admin

[Will Sheldon]

1a) has come up before:
https://www.redhat.com/archives/freeipa-users/2014-February/msg00313.html

1b) We handled this by setting the expire lifetime to a very large value (20 years) for members of a certain group.

2) I’m not sure.


Kind regards,

Will Sheldon
+1.778-689-1244

On August 28, 2014 at 7:26:03 AM, Zip Ly (ziplyx at gmail.com) wrote:

Hi,
 
 
I'm trying to change a user password without reset.
If I use the (primary) admin to change the password then it doesn't need a password reset, because the expire lifetime is 90 days.
 
But if I create a second admin, then every password change made by the second admin needs a password reset, because the password is expired immediately.
 
1a) Does anyone knows how I can change the policy/privilege of the second admin so every password change doesn't require a reset? 1b) and is it possible to set a different expire lifetime like zero for unlimited lifetime?
 
It's almost the same bugreport as https://fedorahosted.org/freeipa/ticket/2795 but the difference is there should be 2 policies: one for changing your own password and another for resetting other users password.
 
 
2) Are there more differences in policies between the first (primary) admin and the second admin you just created?
 
 
Kind regards,
 
Zip
 
 

--  
Manage your subscription for the Freeipa-users mailing list:  
https://www.redhat.com/mailman/listinfo/freeipa-users  
Go To http://freeipa.org for more info on the project
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140828/cfe3eb0b/attachment.htm>