[Freeipa-users] Change default password expiry date
Dmitri Pal
dpal at redhat.com
Wed Dec 10 02:36:28 UTC 2014
On 12/09/2014 08:43 PM, Thomas Lau wrote:
> Hi All,
>
> FreeIPA Default is using 60days password expiry, how could I change it?
You go to password policies and change the global password policy.
You change MAX lifetime.
This is a global setting it will apply to new passwords/keytabs when
they are changed next time.
You can create other policies and apply them to groups it you need.
>
> Also, for existing accounts, can I just change krbPasswordExpiration
> on LDAP?
I think the answer is yes.
> anywhere else I need to change?
I think the answer is no
> do I need to generate keytab
> on Kerberos to activate new expiry date?
>
If you change the expiration in the attribute then no.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
More information about the Freeipa-users
mailing list