[Freeipa-users] Remove password expiration after useradd

Rob Crittenden rcritten at redhat.com
Thu Feb 5 14:03:12 UTC 2015


Matt . wrote:
> Hi,
> 
> I'm already doing so without any luck. If you remember something,
> would be nice to know!
> 
> So it should still be possible to do?

If the DN of the entry adding the password is in passSyncManagersDNs in
the entry dn: cn=ipa_pwd_extop,cn=plugins,cn=config then the password
will not be marked as expired (password policy is not applied at all IIRC).

rob

> 
> 2015-02-05 14:26 GMT+01:00 Dmitri Pal <dpal at redhat.com>:
>> On 02/05/2015 07:59 AM, Matt . wrote:
>>>
>>> Hi,
>>>
>>> OK, but as far as I understand we made some change, using a
>>> commandline command which I cannot remember or find, which goes around
>>> the password policy, or the attribute you talk about, when you add a
>>> user.
>>>
>>> Can I change that globally? As we did it seems... but we were testing
>>> so much back those days that it seems to be lost or so.
>>
>>
>> I do not remember the details off the top of my head. You can probably try to
>> search the mail archives.
>>
>>>
>>>
>>> Thanks,
>>>
>>> Matt
>>>
>>> 2015-02-05 13:21 GMT+01:00 Dmitri Pal <dpal at redhat.com>:
>>>>
>>>> On 02/05/2015 05:54 AM, Matt . wrote:
>>>>>
>>>>> In the past we have done some test setups with password expiring after
>>>>> we added a user, at the moment I have difficulties with this on 4.1.2
>>>>>
>>>>> What I need is the following:
>>>>>
>>>>> - We add a user using json/kinit
>>>>> - The user is added in the right way
>>>>> - The user should be able to use his set password by the admin (at
>>>>> least ldap)
>>>>>
>>>>> At the moment the password is expired directly and I tried adding the
>>>>> user with min/max lifetime to 0/0 which didn't work out. Also 0/500
>>>>> doesn't seem to fix my issue.
>>>>>
>>>>> I thought we had to do a little bit more to accomplish this, but I'm
>>>>> not able to find this (anymore)
>>>>>
>>>>> Does someone have a clue how to fix this? I'm quite sure this is
>>>>> possible.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Matt
>>>>>
>>>> It was always the feature of IPA to require password change on the first
>>>> login after it was created.
>>>> If you do not want it to be expired you need to change the expiration
>>>> attribute of the account not min max life.
>>>>
>>>> --
>>>> Thank you,
>>>> Dmitri Pal
>>>>
>>>> Sr. Engineering Manager IdM portfolio
>>>> Red Hat, Inc.
>>>>
>>
>>
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>>
> 
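
The setting named in the reply above, as an added example that is not part of the original thread: it builds the LDIF that adds one bind DN to passSyncManagersDNs and audits which DNs are already exempt, since every DN on that list skips password policy. The function names, the example.test DNs and the "cn=Directory Manager" bind shown in comments are assumptions.

```shell
#!/bin/sh
# Added example; every DN and the sample LDIF below are constructed placeholders.
PLUGIN_DN='cn=ipa_pwd_extop,cn=plugins,cn=config'   # entry named in the reply
NL='
'

# Print the LDIF that adds one bind DN to passSyncManagersDNs.
# Rejects values containing a newline (LDIF injection) or not shaped like a DN.
passsync_ldif() {
    case "$1" in
        *"$NL"*) echo "refusing DN with embedded newline" >&2; return 1 ;;
        *=*,*=*) ;;
        *) echo "not a DN: $1" >&2; return 1 ;;
    esac
    printf 'dn: %s\nchangetype: modify\nadd: passSyncManagersDNs\n' "$PLUGIN_DN"
    printf 'passSyncManagersDNs: %s\n' "$1"
}

# Read unwrapped LDIF on stdin; print each passSyncManagersDNs value that is
# not in the allow-list given as arguments (exact string comparison).
passsync_unexpected() {
    while IFS= read -r line; do
        case "$line" in
            'passSyncManagersDNs: '*) dn=${line#passSyncManagersDNs: } ;;
            *) continue ;;
        esac
        ok=no
        for allowed in "$@"; do
            if [ "$dn" = "$allowed" ]; then ok=yes; fi
        done
        if [ "$ok" = no ]; then printf '%s\n' "$dn"; fi
    done
}

# Constructed stand-in for the output of:
#   ldapsearch -x -D "cn=Directory Manager" -W -o ldif-wrap=no \
#       -s base -b "$PLUGIN_DN" passSyncManagersDNs
SAMPLE='dn: cn=ipa_pwd_extop,cn=plugins,cn=config
passSyncManagersDNs: uid=passsync,cn=sysaccounts,cn=etc,dc=example,dc=test
passSyncManagersDNs: uid=admin,cn=users,cn=accounts,dc=example,dc=test'

echo "Exempt from password policy but not on the allow-list:"
printf '%s\n' "$SAMPLE" | passsync_unexpected \
    'uid=passsync,cn=sysaccounts,cn=etc,dc=example,dc=test'

echo "LDIF to pipe into ldapmodify for a dedicated provisioning account:"
passsync_ldif 'uid=provisioner,cn=sysaccounts,cn=etc,dc=example,dc=test'
```

Listing a dedicated provisioning account rather than a personal admin DN keeps the exemption narrow and makes the audit output meaningful.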
