On 02/28/2017 11:40 AM, xinhuan zheng wrote:
I have setup password policy for user account to enforce a few things:
Please take a look at the Doc.
22.214.171.124. passwordMaxAge (Password Maximum Age)
Valid Range 1 to the maximum 32 bit integer value (2147483647) in seconds
With that policy on a user account, I changed one user's password from 389 console.
It basically resets user's password.
When user login, user gets "Password expired. Change your password now."
prompt. The user goes through prompt to change the password. Then user gets login shell
successfully. User then logout.
Next time when user login again, the user still gets "Password expired. Change your
password now." prompt. It appears 'passwordexpirationtime' attribute is set
to the very first time when user changed password, but never set to password change time +
7 days, as the policy is configured.
What went wrong in my previous procedure? How do I get passwordexpirationtime set to
correct time when user change their password from administrative reset?
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org