Am Thu, Aug 28, 2025 at 03:34:04PM -0700 schrieb Bob Green via sssd-devel: > Judging by set_password_with_computer_creds() found in adcli > library/adenroll.c the answer to my question is yes. I was wondering > if kadmin could be used to rotate a machine's password against an AD > KDC, but that doesn't appear to be an option. I guess I should try to > learn clang so that I can better understand the "magic" behind this > method. This inquiry was partly prompted by a desire to use adcli > update to force a machine password change and to overcome adcli's > refusal to do so: > * Password not too old, no change needed
Hi, I guess the option '--computer-password-lifetime=0' is what you are looking for, see man adcli for details. Btw, the sssd-users list might be more suitable for this kind of questions. HTH bye, Sumit > > I was able to overcome this by adding a new SPN to the computer > account with --add-service-principal=<..> > > however I was hoping to change the machine password every minute if > needed, simply for debug purposes. Adding and removing SPNs is not a > terrible solution however it would be nice to have a --force option. > That said, I really have nothing to complain about. I sincerely want > to thank you for developing sssd and ancillary tools such as adcli. > -- > _______________________________________________ > sssd-devel mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue -- _______________________________________________ sssd-devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
