Are there settings in FreeIPA similar to the setting available from the chage command ? I
am specifically looking for a setting for the time after a password expires to allow the
user to update it.
I am looking for the same "grace period" that the non-IPA shell password has.
From the change man page:
-M, --maxdays MAX_DAYS
Set the maximum number of days during which a password is valid. When MAX_DAYS plus
LAST_DAY is less than the current day, the user will be required to change his/her
password before being able to use his/her account.
-I, --inactive INACTIVE
Set the number of days of inactivity after a password has expired before the account is
locked. The INACTIVE option is the number of days of inactivity. A user whose account is
locked must contact the system administrator before being able to use the system again.
I find nothing like this in the documentation.
I do know, however, that when a user is initially created, the password expire time is set
to the current clock time.
When the user logs in for the first time, they are prompted to change their password.
I am looking for a parameter -- like chage's INACTIVE -- that defines a grace period
from the time the password expires until the account is locked and requires admin
intervention.
Or does that only happen for the account creation ?
______________________________________________________________________________________________
Daniel E. White
daniel.e.white@nasa.gov<mailto:daniel.e.white@nasa.gov>
NICS Linux Engineer
NASA Goddard Space Flight Center
8800 Greenbelt Road
Building 14, Room E175
Greenbelt, MD 20771
Office: (301) 286-6919
Mobile: (240) 513-5290
Show replies by date