[Freeipa-users] Password expiration dates are different when being reset by the (primary) admin and a different admin

Martin Kosek mkosek at redhat.com
Tue Sep 2 15:19:51 UTC 2014


On 09/02/2014 10:42 AM, Zip Ly wrote:
> @Martin
> 
> The second admin is my service account. I use this account to communicate
> with our web application (it uses keytab and post/curl json to ipa). I can
> add users without a problem. But when it comes to changing password, the
> password is expired immediately.
> 
> I have only one password policy and that's the 'global_policy'. The
> --maxlife you mentioned only affects this policy. If I use this service
> account to change the user password, the policy is ignored just as stated
> in the ipa wiki. Even if I set the --maxlife to 200, if the password is
> being reset by this first admin, then the expire date is set to 90 days
> or expired immediately by the second admin/service account.
> 
> That's why I want to know how to change this 90 days and also apply it for
> the service account.

What version of FreeIPA do you use? Maybe you are hitting
https://fedorahosted.org/freeipa/ticket/3968
that we fixed in FreeIPA 3.3.3.

Martin



