How to apply password policy on computer accounts of Red Hat Enterprise Linux system joined to the Active Directory Server?
Issue
- Often with Active Directory a Kerberos host keytab is needed to bind with
SASL/GSSAPIforLDAPoperations. On many sites security policies do not allow never-expiring passwords so the keytab needs to renewed eventually, currently requiring manual steps to obtain a new keytab.SSSDshould support automated renewal of Kerberos host keytabs asSamba/Winbinddoes. - Is it possible to set password expiry policy to the Red Hat Enterprise Linux system computer accounts created in the Active Directory Server?
- When computer accounts are created using
realm(oradclion RHEL 6), their passwords are set to never expire. RHEL systems should have passwords recycled just like any other Windows client.
Environment
- Red Hat Enterprise Linux 7.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
