Red Hat Training
A Red Hat training course is available for Red Hat Enterprise Linux
28.5. Changing Password Expiration Date with Immediate Effect
You can use the ipa user-mod or ldapmodify utilities to change the expiration date of a user password.
Changing the expiration date of a user password by using the ipa user-mod utility
- To enforce an immediate change of the expiration date, use ipa user-mod command with the
--password-expiration
option. For example, to set the expiration date to2016-02-03 20:37:34
in the UTC time zone, run:# ipa user-mod
user_name --password-expiration='2016-02-03 20:37:34Z'
Note that the command uses a generalized time format and setting the expiration date to20160203203734Z
is also possible.
Changing the expiration date of a user password by using the ldapmodify utility
To enforce an immediate change of the expiration date, reset the
krbPasswordExpiration
attribute value in LDAP.
To change the expiration date for a single user:
- Set the new value for the
krbPasswordExpiration
attribute for the user entry by using the following command:# ldapmodify -D "cn=Directory Manager" -w secret -h server.example.com -p 389 -vv dn:
uid=user_name,cn=users,cn=accounts,dc=example,dc=com
changetype:modify
replace:krbPasswordExpiration
krbPasswordExpiration:20160203203734Z
ThekrbPasswordExpiration
format follows generalized time format YYYMMDDHHMMSS.0Z. - Press Ctrl+D to confirm and send the changes to the server.
To edit multiple entries at once, use ldapmodify with the
-f
option to reference an LDIF file.