[Freeipa-users] Tracking Login Times
Rob Crittenden
rcritten at redhat.com
Mon Mar 21 15:22:14 UTC 2016
Bob wrote:
> We currently have 18 master ODSEE servers that we use to provide authentication services to both Redhat, SuSE, and Solaris systems. We are looking to add IPA servers to
> environment.
>
> We have a requirement to track time of last authentication. With ODSEE, time of last authentication tracking is enabled with this:
>
> *dsconf set-server-prop pwd-keep-last-auth-time-enabled:on*
>
>
> Looking at the Redhat DS 9 documentation, I see an account policy plug-in:
>
>
> cn=Account Policy Plugin,cn=plugins,cn=config
>
> Looking thefreeipa.org <http://freeipa.org> pages on the server plugins, I do not see the account policy plugin listed.
> http://www.freeipa.org/page/Directory_Server
>
> Looking in the directory DT of a "VERSION: 4.2.0, API_VERSION: 2.156" installed on Redhat 7, I do see the account policy plugin in the config tree.
>
>
> Is the use of this account policy plugin supported with IPA? Should it work?
IPA has its own password policy. You can get last successful
authentication via krbLastSuccessfulAuth
Don't let the attribute name mislead you, it is updated on every
authentication.
Also note that this is per-IPA master. It is not replicated.
rob
More information about the Freeipa-users
mailing list