Hi,
I am setting up an LDAP connection from our Identity Management system
which provisions our IPA servers with fresh users and groups.
I set it up pretty nice so far, with some added privileges for change
admin passwords and avoiding password resets.
But when we create a brand new user with a password, IPA resets the
krbPasswordExpiration to match the IPA password policy - but we have
another policy in our central identity management which gets must get
set at user create time.
So the question is:
Is there any way I can avoid getting krbPasswordExpiration reset to
match the password policy?
and a followup question:
Is this the same with AD sync? passwords from AD gets synced, but
expiration is determined by local password policies on the IPA servers?
--
Martin R Mortensen
Linux Specialist
University of Copenhagen
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project