>>>>> >>>>> Is it possible to lock out an user account on a set date? >>>>> >>>>> >>>> >>>> You should be able to set the krbPrincipalExpiration attribute to expire >>>> an account on a set date. >>>> >>>> However note this: https://fedorahosted.org/freeipa/ticket/3305 >>>> >>>> >>>> >>>> It means ti will work with krb auth but not with ldap binds for now. >>>> >>>> >>>> >>> >>> Thanks! That worked like a charm!! >>> >>> >>> Is there any active ticket to have this property exposed for editing in the >>> IPA CLI / WEBUI? >>> >> >> No, an RFE ticket would be welcome though. >> > > Ok, for the record: > > https://bugzilla.redhat.com/show_bug.cgi?id=887988 > > > Rgds, > Siggi >
It would be better though to have a real account expiration setting in the UI that not only set krbPrincipalExpiration but also locked the ldap user account and any other appropriate actions. Brian _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
