[Freeipa-users] Avoid auto-setting krbpasswordexpiration to pwdpolicy?

Martin René Mortensen martin.mortensen at adm.ku.dk
Thu Dec 17 13:21:47 UTC 2015


Hi,

I am setting up an LDAP connection from our Identity Management system 
which provisions our IPA servers with fresh users and groups.
I set it up pretty nicely so far, with some added privileges for changing 
admin passwords and avoiding password resets.
But when we create a brand new user with a password, IPA resets the 
krbPasswordExpiration to match the IPA password policy - but we have 
another policy in our central identity management which must get 
set at user create time.

So the question is:
Is there any way I can avoid getting krbPasswordExpiration reset to 
match the password policy?

And a follow-up question:
Is this the same with AD sync? Passwords from AD get synced, but 
expiration is determined by local password policies on the IPA servers?
-- 

Martin R Mortensen
Linux Specialist

University of Copenhagen
