[Freeipa-users] freeipa password policy ( hsitory ) getting reset with password reset
Simo Sorce
ssorce at redhat.com
Wed May 4 14:37:07 UTC 2016
On Wed, 2016-05-04 at 16:16 +0200, Martin Kosek wrote:
> On 05/03/2016 08:20 AM, Rakesh Rajasekharan wrote:
> > Hi,
> >
> > I am running a freeipa server 4.2.x.
> >
> > I have the following password global password policy set to force a history of 3
> >
> > ipa pwpolicy-mod global_policy --history=3 --maxlife=90 --minlength=8
> > --maxfail=3 --failinterval=300
> >
> >
> > This works good when the user himself changes the password.. and IPA does not
> > allow reusing older password.
> >
> > However, if the admin resets it "ipa user-mod testuser --random" then it seems
> > to reset the password history as well and the user can now re-use his older password
> >
> > Is this expected or is there something I can do about it.
>
> Good question, CCing Simo on this one.
It is arguably a bug, history shouldn't be lost IMHO.
Simo.
> > Also, is there a way to get the password expiry warning at the terminal when a
> > user logs in , something similar to the "pwdExpireWarning" in ldap.
> >
> > I searched a bit and could only find setting up email alerts .
>
> CCing Jakub from SSSD team.
>
> Martin
More information about the Freeipa-users
mailing list