Red Hat Training
A Red Hat training course is available for Red Hat Enterprise Linux
28.5. Changing Password Expiration Date with Immediate Effect
You can use the ipa user-mod or ldapmodify utilities to change the expiration date of a user password.
Changing the expiration date of a user password by using the ipa user-mod utility
- To enforce an immediate change of the expiration date, use ipa user-mod command with the
--password-expirationoption. For example, to set the expiration date to2016-02-03 20:37:34in the UTC time zone, run:# ipa user-moduser_name --password-expiration='2016-02-03 20:37:34Z'Note that the command uses a generalized time format and setting the expiration date to20160203203734Zis also possible.
Changing the expiration date of a user password by using the ldapmodify utility
To enforce an immediate change of the expiration date, reset the
krbPasswordExpiration attribute value in LDAP.
To change the expiration date for a single user:
- Set the new value for the
krbPasswordExpirationattribute for the user entry by using the following command:# ldapmodify -D "cn=Directory Manager" -w secret -h server.example.com -p 389 -vv dn:
uid=user_name,cn=users,cn=accounts,dc=example,dc=comchangetype:modifyreplace:krbPasswordExpirationkrbPasswordExpiration:20160203203734ZThekrbPasswordExpirationformat follows generalized time format YYYMMDDHHMMSS.0Z. - Press Ctrl+D to confirm and send the changes to the server.
To edit multiple entries at once, use ldapmodify with the
-f option to reference an LDIF file.