[Freeipa-users] User expiration on a certain date
Brian Cook
bcook at redhat.com
Mon Dec 17 19:00:49 UTC 2012
>>>>>
>>>>> Is it possible to lock out an user account on a set date?
>>>>>
>>>>>
>>>>
>>>> You should be able to set the krbPrincipalExpiration attribute to expire
>>>> an account on a set date.
>>>>
>>>> However note this: https://fedorahosted.org/freeipa/ticket/3305
>>>>
>>>>
>>>>
>>>> It means ti will work with krb auth but not with ldap binds for now.
>>>>
>>>>
>>>>
>>>
>>> Thanks! That worked like a charm!!
>>>
>>>
>>> Is there any active ticket to have this property exposed for editing in the IPA CLI / WEBUI?
>>>
>>
>> No, an RFE ticket would be welcome though.
>>
>
> Ok, for the record:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=887988
>
>
> Rgds,
> Siggi
>
It would be better though to have a real account expiration setting in the UI that not only set krbPrincipalExpiration but also locked the ldap user account and any other appropriate actions.
Brian
More information about the Freeipa-users
mailing list