[Freeipa-users] Remove password exiration after useradd

[Matt .]

Hi,

OK, but as far as I understand we made some change, using a
commandline command which I cannot remember or find, which goes around
the password policy, or the attribute you talk about, when you add a
user.

Can I change that globally? As we did it seems... but we were testing
so much back those days that it seems to be lost or so.


Thanks,

Matt

2015-02-05 13:21 GMT+01:00 Dmitri Pal <dpal at redhat.com>:
> On 02/05/2015 05:54 AM, Matt . wrote:
>>
>> In the past we have done some testsetups with password expiring after
>> we added a user, at the moment I have difficulties with this on 4.1.2
>>
>> What I need is the following:
>>
>> - We add a user using json/kinit
>> - The user is added in the right way
>> - tThe user should be able to use his set password by the admin (at least
>> ldap)
>>
>> At the moment the password is expired directly and I tried adding the
>> user with min/max lifetime to 0/0 which didn't work out. Als 0/500
>> doesn't seem to fix my issue.
>>
>> I thought we had to do a little but more to accomplish this, but I'm
>> not able to find this (anymore)
>>
>> Does someone have a clue how to fix this ? I'm quite sure this is
>> possible.
>>
>> Thanks,
>>
>> Matt
>>
> It was always the feature of IPA to require password change on the first
> login after it was created.
> If you do not want it to be expired you need to change the expiration
> attribute of the account not min max life.
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project