[Freeipa-users] deleting password history?

2013-07-15 Thread KodaK
I'm probably missing something obvious, but I've searched the mailing list
in gmail and tried to google it:

If I want to remove the password history for a user, how do I do it?

-- 
The government is going to read our mail anyway, might as well make it
tough for them.  GPG Public key ID:  B6A1A7C6
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] deleting password history?

2013-07-15 Thread Dmitri Pal
On 07/15/2013 04:04 PM, KodaK wrote:
> I'm probably missing something obvious, but I've searched the mailing
> list in gmail and tried to google it:
>
> If I want to remove the password history for a user, how do I do it?
>
You probably want to remove krbPwdHistory attribute and set
krbPwdHistoryLength to 0.

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.



Re: [Freeipa-users] deleting password history?

2013-07-15 Thread KodaK
On Mon, Jul 15, 2013 at 7:04 PM, Dmitri Pal wrote:

> You probably want to remove krbPwdHistory attribute and set
> krbPwdHistoryLength to 0.

Just so I'm clear: I only want to do a one-time erase for one user so he
can use a password he was using earlier. We changed it for testing and I
don't think that should be held against him. :)

I'm not sure if this disables password history for that user or just clears
it.

Thanks,

--Jason


Re: [Freeipa-users] deleting password history?

2013-07-15 Thread Simo Sorce
On Mon, 2013-07-15 at 20:25 -0500, KodaK wrote:
> On Mon, Jul 15, 2013 at 7:04 PM, Dmitri Pal wrote:
> > You probably want to remove krbPwdHistory attribute and set
> > krbPwdHistoryLength to 0.
>
> Just so I'm clear: I only want to do a one-time erase for one user so
> he can use a password he was using earlier. We changed it for testing
> and I don't think that should be held against him. :)
>
> I'm not sure if this disables password history for that user or just
> clears it.

If you remove the krbPwdHistory attribute from the user's entry the user
will have no history.
That should be sufficient to allow you to change 'back' his password.

Other means are: change the password as many times as
krbPwdHistoryLength says and finally you'll be able to start again
setting the old password.

Simo.


-- 
Simo Sorce * Red Hat, Inc * New York
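
The one-time clear described in the replies above, as an added example that is not part of the original thread or of FreeIPA's own tooling. It assumes the default FreeIPA user subtree (cn=users,cn=accounts,<suffix>) and a bind as Directory Manager; the function names, the user jsmith, the suffix and the server URI are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the thread). Assumptions: users live under
# cn=users,cn=accounts,<suffix> (FreeIPA's default layout) and the bind
# identity may write krbPwdHistory (Directory Manager is assumed here).

# Print the LDIF that deletes every krbPwdHistory value from one user entry.
# krbPwdHistoryLength is not touched, so the policy still records history
# from the next password change onward: this clears, it does not disable.
history_clear_ldif() {
    # Accept only characters that need no DN or LDIF escaping, so a crafted
    # uid or suffix cannot add RDNs or smuggle extra LDIF lines.
    case $1 in
        ''|*[!A-Za-z0-9._-]*) echo "invalid uid" >&2; return 1 ;;
    esac
    case $2 in
        *[!A-Za-z0-9=,-]*) echo "invalid suffix" >&2; return 1 ;;
        dc=?*) ;;
        *) echo "invalid suffix" >&2; return 1 ;;
    esac
    printf 'dn: uid=%s,cn=users,cn=accounts,%s\n' "$1" "$2"
    printf 'changetype: modify\ndelete: krbPwdHistory\n'
}

# Apply the change: clear_history <uid> <suffix> <ldap-uri>
# If the entry holds no history the server answers noSuchAttribute, which
# only means there was nothing to clear.
clear_history() {
    ldif=$(history_clear_ldif "$1" "$2") || return 1
    printf '%s\n' "$ldif" |
        ldapmodify -x -D 'cn=Directory Manager' -W -H "$3"
}

# Constructed values for illustration:
#   clear_history jsmith dc=example,dc=com ldaps://ipa.example.com
```

Running `history_clear_ldif` on its own prints the LDIF for review before anything is sent to the directory.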
