[Freeipa-users] User expiration on a certain date

Brian Cook bcook at redhat.com
Mon Dec 17 19:00:49 UTC 2012


>>>>> 
>>>>> Is it possible to lock out an user account on a set date?
>>>>> 
>>>>> 
>>>> 
>>>> You should be able to set the krbPrincipalExpiration attribute to expire
>>>> an account on a set date.
>>>> 
>>>> However note this: https://fedorahosted.org/freeipa/ticket/3305
>>>> 
>>>> 
>>>> 
>>>> It means ti will work with krb auth but not with ldap binds for now.
>>>> 
>>>> 
>>>> 
>>> 
>>> Thanks! That worked like a charm!!
>>> 
>>> 
>>> Is there any active ticket to have this property exposed for editing in the IPA CLI / WEBUI?
>>> 
>> 
>> No, an RFE ticket would be welcome though.
>> 
> 
> Ok, for the record:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=887988
> 
> 
> Rgds,
> Siggi
> 

It would be better though to have a real account expiration setting in the UI that not only set krbPrincipalExpiration but also locked the ldap user account and any other appropriate actions.


Brian




More information about the Freeipa-users mailing list