Are there settings in FreeIPA similar to the setting available from the chage command ? I am specifically looking for a setting for the time after a password expires to allow the user to update it.
I am looking for the same "grace period" that the non-IPA shell password has. From the change man page: -M, --maxdays MAX_DAYS Set the maximum number of days during which a password is valid. When MAX_DAYS plus LAST_DAY is less than the current day, the user will be required to change his/her password before being able to use his/her account. -I, --inactive INACTIVE Set the number of days of inactivity after a password has expired before the account is locked. The INACTIVE option is the number of days of inactivity. A user whose account is locked must contact the system administrator before being able to use the system again. I find nothing like this in the documentation. I do know, however, that when a user is initially created, the password expire time is set to the current clock time. When the user logs in for the first time, they are prompted to change their password. I am looking for a parameter -- like chage's INACTIVE -- that defines a grace period from the time the password expires until the account is locked and requires admin intervention. Or does that only happen for the account creation ? ______________________________________________________________________________________________ Daniel E. White [email protected]<mailto:[email protected]> NICS Linux Engineer NASA Goddard Space Flight Center 8800 Greenbelt Road Building 14, Room E175 Greenbelt, MD 20771 Office: (301) 286-6919 Mobile: (240) 513-5290
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
