How to apply a password policy to computer accounts of Red Hat Enterprise Linux systems joined to an Active Directory server?
Issue
- Often with Active Directory a Kerberos host keytab is needed to bind with SASL/GSSAPI for LDAP operations. On many sites, security policies do not allow never-expiring passwords, so the keytab needs to be renewed eventually, which currently requires manual steps to obtain a new keytab. SSSD should support automated renewal of Kerberos host keytabs as Samba/Winbind does.
- Is it possible to set a password expiry policy on the Red Hat Enterprise Linux system computer accounts created in the Active Directory Server?
- When computer accounts are created using realm (or adcli on RHEL 6), their passwords are set to never expire. RHEL systems should have passwords recycled just like any other Windows client.
Environment
- Red Hat Enterprise Linux 7.x