[Freeipa-users] Default Expiry on IPA?
Petr Vobornik
pvoborni at redhat.com
Tue Aug 28 10:18:53 UTC 2012
On 08/28/2012 09:44 AM, freeipa at noboost.org wrote:
> Hi All,
>
> System:
> Red Hat Enterprise Linux Server release 6.3 (Santiago)
> ipa-server-2.2.0
>
>
> Question:
> Has anyone managed to to actually set an expiry date (or longer 900+ day expiry
> time) on user account passwords in IPA?
>
>>From my testing, the default of 90 days is hard coded and the only way
> to extend it is via LDAP and the "krbPasswordExpiration:" attribute?
>
> cya
>
> Craig
>
Hi Craig,
You can set password policies for various user groups. In IPA is a
dafault policy: global_policy. You can change password max life to 1000
days by following command:
# ipa pwpolicy-mod --maxlife=1000
Or in Web UI: Policy/Password Policies/global_policy
When user resets his password this policy will be applied on it.
IPA CLI and Web UI don't have options to set user password's expiration
date directly.
Regards
--
Petr Vobornik
More information about the Freeipa-users
mailing list