[Freeipa-users] Unexpiring user passwords

Natxo Asenjo natxo.asenjo at gmail.com
Sun May 1 17:04:44 UTC 2016


On Sun, May 1, 2016 at 4:53 AM, Joshua J. Kugler <joshua at azariah.com> wrote:


> We have a situation where the passwords in FreeIPA need to be synchronized
> with another system in the company (a database of users, which is the
> authoritative source for users and passwords).  But, from what I read, the
> documentation is telling me we can't do that, because if we followed this
> work flow:
>
> 1. User goes to "master DB" and changes their password
> 2. master DB runs a script which sets password on FreeIPA system
> 3. User's login is now broken because the password is expired.
>

Leaving the design/philosophy aside, you could modify your users'
krbpasswordexpiration LDAP attribute in your script that changes the
FreeIPA password from your master DB password source. It's quite simple
using your LDAP tools of choice.

--
Groeten,
natxo
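
One way to build the change suggested in the reply above, as an added example that is not part of the original thread: it generates the LDIF modify record a sync script could pipe to `ldapmodify` after setting the password. The suffix `dc=example,dc=com`, the default `cn=users,cn=accounts` container and all function names are assumptions; the uid is escaped because it comes from an external database and must not be able to alter the target DN.

```python
import base64
from datetime import datetime, timezone

# Assumption: FreeIPA's default user container under a placeholder suffix.
USER_CONTAINER = "cn=users,cn=accounts,dc=example,dc=com"


def escape_rdn_value(value: str) -> str:
    """RFC 4514 escaping so a uid from the master DB cannot alter the DN."""
    if not value or any(ch in value for ch in "\x00\r\n"):
        raise ValueError("empty uid or uid containing NUL/CR/LF")
    out = []
    for i, ch in enumerate(value):
        first, last = i == 0, i == len(value) - 1
        if ch in ',+"\\<>;=' or (first and ch in " #") or (last and ch == " "):
            out.append("\\")
        out.append(ch)
    return "".join(out)


def generalized_time(when: datetime) -> str:
    """LDAP GeneralizedTime in UTC, the syntax krbPasswordExpiration uses."""
    if when.tzinfo is None:
        raise ValueError("pass a timezone-aware datetime")
    return when.astimezone(timezone.utc).strftime("%Y%m%d%H%M%SZ")


def ldif_line(attr: str, value: str) -> str:
    """Emit 'attr: value', or base64 'attr:: ...' when RFC 2849 requires it."""
    if value.isascii() and value[0] not in " :<" and not value.endswith(" "):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def expiration_ldif(uid: str, expires: datetime) -> str:
    """LDIF modify record that replaces krbPasswordExpiration for one user."""
    dn = f"uid={escape_rdn_value(uid)},{USER_CONTAINER}"
    return "\n".join([
        ldif_line("dn", dn),
        "changetype: modify",
        "replace: krbPasswordExpiration",
        ldif_line("krbPasswordExpiration", generalized_time(expires)),
        "-",
        "",
    ])


if __name__ == "__main__":
    # Constructed sample input: uid "jdoe" with a fixed expiry date.
    print(expiration_ldif("jdoe", datetime(2027, 5, 1, tzinfo=timezone.utc)))
```

The identity the script binds as must be permitted to write the attribute, and choosing a finite expiry date rather than a far-future one keeps the password policy's rotation interval in effect.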