[Freeipa-users] User Lockout even with special password Policy
Matt .
yamakasi.014 at gmail.com
Thu Jan 14 15:34:17 UTC 2016
OK, nice,but this user failed on kinit but is in the group where the
policy is set to 0.
Can I check on the commandline if it applies to that setting by
querying ldap in some way ? It could be that some other group
overrules in some way ?
What about sysaccounts ? They seem to be locked also with too many
logins, and this concerns me as they are not POSIX.
2016-01-14 15:16 GMT+01:00 Rob Crittenden <rcritten at redhat.com>:
> Matt . wrote:
>> Hi Guys,
>>
>> I'm having an issue that a user which I use for the API is getting
>> locked out from time to time.
>>
>> I have created a specific password policy for this user with:
>>
>> Lockout duration (seconds) 0
>>
>> But this doesn't help much.
>>
>> Anyone an idea how I can make sure a user is not locked out in any way
>> by lots of logins or tries, etc and be able to test it functions
>> allright ?
>
> Setting maxfail to 0 should do it. As for testing, be creative, but be
> sure to test both LDAP bind and kinit.
>
> rob
>
More information about the Freeipa-users
mailing list