[Freeipa-users] Password expiration dates are different when being resetted by the (primary) admin and a different admin
Zip Ly
ziplyx at gmail.com
Wed Sep 3 16:08:48 UTC 2014
@Martin
Ah that explains everything. We were using centos 6.5 + ipa 3.0.0
Now with a new test setup centos 7 + ipa 3.3.3, it works just as we wanted.
Thank all for the help!
On Tue, Sep 2, 2014 at 5:19 PM, Martin Kosek <mkosek at redhat.com> wrote:
> On 09/02/2014 10:42 AM, Zip Ly wrote:
> > @Martin
> >
> > The second admin is my service account. I use this account to communicate
> > with our webapplication (it uses keytab and post/curl json to ipa). I can
> > add users without a problem. But when it comes to changing password, the
> > password is expired immediately.
> >
> > I have only one password policy and that's the 'global_policy'. The
> > --maxlife you mentioned only affect this policy. If I use this service
> > account to change the user password, the policy is ignored just as stated
> > in the ipa wiki. Even if I set the --maxlife to 200, if the password is
> > being resetted by this first admin, then the expire date is set to 90
> days
> > or expired immediately by the second admin/service account.
> >
> > That's why I want to know how to change this 90 days and also apply it
> for
> > the service account.
>
> What version of FreeIPA do you use? Maybe you are hitting
> https://fedorahosted.org/freeipa/ticket/3968
> that we fixed in FreeIPA 3.3.3.
>
> Martin
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140903/9edefeff/attachment.htm>
More information about the Freeipa-users
mailing list