[Freeipa-users] Freeipa 4.4 creating users with expiration
Alexander Bokovoy
abokovoy at redhat.com
Mon Mar 6 08:02:29 UTC 2017
On ma, 06 maalis 2017, David Kupka wrote:
>On Fri, Mar 03, 2017 at 08:44:45PM +0530, Rakesh Rajasekharan wrote:
>> Hello,
>>
>> Am using Freeipa 4.4 version .
>>
>> I would like to create few users only valid for few days or months. So,is
>> there a way to create few users with a preset expiration or auto lock those
>> accounts after a few days
>
>Hello Rhakesh,
>AFAIK there's no mechanism to Lock the user account after period of time or at
>specified time. You need to call "ipa user-disable LOGIN" manually.
Actually, no. You can use krbPrincipalExpiration attribute to force
account to expire. Once it is expired, both Kerberos and LDAP password
bind will refuse it operating.
Use --principal-expiration=DATETIME to 'ipa user-mod'.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list