Thanks much, Rob. I see the reason now.
On May 1, 2019, at 6:21 PM, Rob Crittenden
Yuri Krysko via FreeIPA-users wrote:
> Hello All,
> I have a user in our FreeIPA domain, whose password according to the
> applied policy (displayed in the user properties UI ) should have
> expired ~ 2 months ago, but it never did, nor did it force the user to
> reset it. The below LDAP user attributes show old data and all in
> accordance with the password policy. The user is still able to
> authenticate to the applications using LDAP connection against the
> FreeIPA servers. The krblastsuccessfulauth gets updated every time the
> user logs in. I assume if I force-reset the user’s password, it will go
> back to normal. However, I’d like to understand how to explain such a
> bizarre behavior and avoid it in the future.
> User password expiration: 20190305034410Z
> krblastpwdchange: 20190104034410Z
> krblastsuccessfulauth: 20190501213547Z
LEGAL DISCLAIMER: M.C. Dean, Inc. and its subsidiaries considers this e-mail and any files
transmitted with it to be protected, proprietary or privileged information intended solely
for the use of the named recipient(s). Any disclosure of this material or the information
contained herein, in whole or in part, to anyone outside of the intended recipient or
affiliates is strictly prohibited. M. C. Dean, Inc. accepts no liability for the content
of this e-mail or for the consequences of any actions taken on the basis of the
information contained in it, unless that information is subsequently confirmed in writing.
Employees of M.C. Dean, Inc. are instructed not to infringe on any rights of the
recipient; any such communication violates company policy. If you are not the intended
recipient, any disclosure, copying, distribution, or action taken or omitted in reliance
on this information is strictly prohibited by M.C. Dean, Inc.; please notify the sender
immediately by return e-mail, delete this communication and destroy all copies.