[Freeipa-users] Password policy for admin account not working
sipazzo
sipazzo at yahoo.com
Wed Jan 14 17:41:36 UTC 2015
Thank you Rob. That makes sense but I could have sworn I changed the policy before expiration. Resetting it did indeed resolve the issue though. Sorry for the headache.
--------------------------------------------
On Mon, 1/12/15, Rob Crittenden <rcritten at redhat.com> wrote:
Subject: Re: [Freeipa-users] Password policy for admin account not working
To: "sipazzo" <sipazzo at yahoo.com>, "Freeipa-users at redhat.com" <Freeipa-users at redhat.com>
Date: Monday, January 12, 2015, 11:48 AM
sipazzo wrote:
>
> Good morning, I created a
"service" password policy that prevents password
expiration and gave it a priority of 0. I then created a
"service" user group and applied the policy to the
group. I added my admin user to this group so their password
would not expire. However, it continues to expire anyway. I
have other (not built-in) accounts that use this policy
successfully so it seems like the priority is not working
correctly. I am unable to change the priority on the
global_policy. Is my only option to add another policy with
the same config as the global policy but a lower priority
and assign that to all my users?
>
Password policy for
expiration is applied at the time the password is
changed/set, not retroactively, so you may just
need to reset the
password on those
accounts.
To see what
policy will be applied to a give user do:
$ ipa pwpolicy-show
--user=someuser
rob
More information about the Freeipa-users
mailing list