[Freeipa-users] Account Expiration

Rob Crittenden rcritten at redhat.com
Wed Feb 13 20:34:51 UTC 2013 

James James wrote:
> What is the IIRC docs ?

IIRC == If I Recall Correctly.

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/html-single/Identity_Management_Guide/index.html#pwd-expiration

rob

>
>
> 2013/2/13 Rob Crittenden <rcritten at redhat.com <mailto:rcritten at redhat.com>>
>
>     Petr Spacek wrote:
>
>         On 12.2.2013 20:21, John Dennis wrote:
>
>             On 02/12/2013 01:40 PM, Rob Crittenden wrote:
>
>                     Is it possible to ipa to send a email to user when
>                     his account is about
>                     to expire (the current date is near
>                     krbprincipalexpiration date) ?
>
>
>                 Not currently. In 3.0+ we will provide a notice when one
>                 logs into the
>                 WebUI but that's it.
>
>                 We can't be sure that an MTA is properly configured on
>                 the IPA server at
>                 install time so we have punted on this for a while. We
>                 don't want to get
>                 into the business of picking and configuring one. This
>                 is one of those
>                 things that seems really easy but gets complicated the
>                 deeper you dig
>                 into it. We're open to suggestions/patches.
>
>
>             Yeah, I don't think we want to be in the business of
>             installing and
>             configuring an MTA. However, we should be able to detect if
>             one is
>             available
>             and use it if it is. I think it would be reasonable to
>             restrict it to
>             LMTP
>             with a Unix domain socket (most MTA's support this). Then
>             our config
>             would
>             have a LMTP domain socket pathname, if that pathname exists
>             and we can
>             connect
>             to it we use, if not we fallback to not generating any mail.
>
>
>         In meanwhile, it should be relatively simple to code script
>         which does
>         ldapsearch from time to time and sends some e-mails. This script
>         doesn't
>         have to run on the same server as IPA, only access to LDAP and
>         some MTA
>         is required.
>
>
>     Yes, that is our current recommendation. There is a sample query in
>     the docs IIRC.
>
>     rob
>
>
>     _________________________________________________
>     Freeipa-users mailing list
>     Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
>     https://www.redhat.com/__mailman/listinfo/freeipa-users
>     <https://www.redhat.com/mailman/listinfo/freeipa-users>
>
>

More information about the Freeipa-users mailing list