freeipa

bradvan · 05-18-2017, 12:16 PM

Does anyone know if it is possible to configure freeipa to not flag an account as expired when an administrator changes that accounts password? Management wants several accounts to be set with a certain password and to not allow the users to change them. Just not sure that is possible?

MensaWater · 05-19-2017, 10:06 AM

I don't use FreeIPA but this page seems to clearly show it is designed NOT to be possible (except for Password Synchronization with something like Active Directory).

It also talks about "password exclusivity". The phrase would make me think you can't set multiple users to the same password as you intend but that isn't what the discussion says.

bradvan · 05-19-2017, 12:30 PM

Thanks, yes that is what I thought. They don't want to set all users to the same password, but for certain users, want to tell them what their password is and set the expiration date. For example, if I were going to allow you to log in and check something out, they want me to set your password to a given value and give you 6 hours (or days) to log in. After that, the password is no good anymore. I told them I did not think it was possible.

Thanks for the input!