[Freeipa-users] non-expiring password policy (or as close as I can come)

Natxo Asenjo natxo.asenjo at gmail.com
Fri Jan 25 07:44:49 UTC 2013


On Thu, Jan 24, 2013 at 10:51 PM, KodaK <sakodak at gmail.com> wrote:
> I have a need to have certain mission critical application accounts
> non-expiring (people don't log in directly, but if the accounts expire
> it could stop production jobs.)

Without knowing anything about this particular case, could you not use
a service account authenticated with a keytab? I have successfully used
this for authenticating webapps to postgresql, you just need to
schedule a renewal of the ticket in cron and use the $KRB5CCNAME
environment variable to point to the right place. It was surprisingly
easy and works very well.

--
groet,
natxo
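
The keytab approach described in the reply above, as an added example that is not part of the original message: a renewal script that cron runs to refresh the service account's ticket into the cache named by $KRB5CCNAME. The principal, the file paths, the cron interval and the RENEW_NOW switch are assumptions chosen for illustration.

```shell
#!/bin/bash
# Added example: keytab-based ticket renewal for a service account.
# All names and paths below are assumed values, not taken from the post.
PRINCIPAL="${PRINCIPAL:-webapp/app01.example.com@EXAMPLE.COM}"
KEYTAB="${KEYTAB:-/etc/webapp/webapp.keytab}"
# The application must be started with the same KRB5CCNAME value.
export KRB5CCNAME="${KRB5CCNAME:-FILE:/run/webapp/krb5cc_webapp}"

# A keytab holds the account's long-term key, so anyone who can read it
# can authenticate as the service. Accept only owner-only modes.
# Returns 0 if private, 1 if too permissive, 2 if missing or unreadable.
keytab_is_private() {
    local mode
    [ -f "$1" ] || return 2
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        400|600) return 0 ;;
        *)       return 1 ;;
    esac
}

# Obtain a fresh TGT from the keytab (no password involved) and store it
# in the credential cache that KRB5CCNAME points to.
renew_ticket() {
    if ! keytab_is_private "$KEYTAB"; then
        echo "refusing keytab $KEYTAB: missing or not mode 400/600" >&2
        return 1
    fi
    kinit -k -t "$KEYTAB" -c "$KRB5CCNAME" "$PRINCIPAL" || return 1
    # klist -s exits non-zero if the cache holds no valid ticket.
    klist -s -c "$KRB5CCNAME"
}

# Example /etc/cron.d entry (assumed interval; it must be shorter than
# the ticket lifetime set by the realm's policy):
#   0 */8 * * * webapp RENEW_NOW=1 /usr/local/bin/renew-ticket.sh
if [ "${RENEW_NOW:-0}" = 1 ]; then
    renew_ticket
fi
```

A non-zero exit from the cron job is worth alerting on, since a failed renewal only becomes visible to the application once the current ticket expires.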



