[Freeipa-users] deleting password history?

Simo Sorce simo at redhat.com
Tue Jul 16 02:27:57 UTC 2013


On Mon, 2013-07-15 at 20:25 -0500, KodaK wrote:
> 
> 
> On Mon, Jul 15, 2013 at 7:04 PM, Dmitri Pal <dpal at redhat.com> wrote:
>         You probably want to remove krbPwdHistory attribute and set
>         krbPwdHistoryLength to 0.
>         
> Just so I'm clear:  I only want to do a one-time erase for one user so
> he can use a password he was using
> earlier.  We changed it for testing and I don't think that should be
> held against him. :)
> 
> 
> I'm not sure if this disables password history for that user or just
> clears it.

If you remove the krbPwdHistory attribute from the user's entry the user
will have no history.
That should be sufficient to allow you to change 'back' his password.

Other means are: change the password as many times as
krbPwdHistoryLength says and finally you'll be able to start again
setting the old password.

Simo.


-- 
Simo Sorce * Red Hat, Inc * New York




More information about the Freeipa-users mailing list