On 04/12/2016 02:10 PM, dbisc...@hrz.uni-kassel.de wrote: > Hi, > > On Tue, 12 Apr 2016, bahan w wrote: > >> I am using FreeIPA 3.0 and I would like, for specific accounts, to set >> passwords unexpirables. >> >> I tried to set a pwpolicy for this with the option maxage set to 0, but it >> did not help and the maxage was 0 (password already expired). >> >> Is there a way, with this Ipa version, to set passwords unexpirables ? > > it is possible to create a password policy (tab "Policy" in the web interface) > for a user group of your choice and change the password max lifetime to (e.g.) > 3650 days = 10 years. That's not exactly "never expiring", but it does the > trick for me (I use it for LDAP bind users).
Right, this will work as long as the expiration does not go over year 2038: https://fedorahosted.org/freeipa/ticket/2496 This is the proper RFE to make "0" work: https://fedorahosted.org/freeipa/ticket/2795 You can add yourself to CC to receive updates on it, it is now scheduled for the next feature release. Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project