[Freeipa-users] freeipa password policy ( hsitory ) getting reset with password reset
Rakesh Rajasekharan
rakesh.rajasekharan at gmail.com
Tue May 3 06:20:59 UTC 2016
Hi,
I am running a freeipa server 4.2.x.
I have the following password global password policy set to force a history
of 3
ipa pwpolicy-mod global_policy --history=3 --maxlife=90 --minlength=8
--maxfail=3 --failinterval=300
This works good when the user himself changes the password.. and IPA does
not allow reusing older password.
However, if the admin resets it "ipa user-mod testuser --random" then it
seems to reset the password history as well and the user can now re-use his
older password
Is this expected or is there something I can do about it.
Also, is there a way to get the password expiry warning at the terminal
when a user logs in , something similar to the "pwdExpireWarning" in ldap.
I searched a bit and could only find setting up email alerts .
Thanks,
Rakesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160503/6a92165c/attachment.htm>
More information about the Freeipa-users
mailing list