20ed1a2 AD: add task to renew the machine account password if needed

10 files Authored by sbose 5 years ago, Committed by jhrozek 5 years ago,
    AD: add task to renew the machine account password if needed
    
    AD expects its clients to renew the machine account password on a
    regular basis, be default every 30 days. Even if a client does not renew
    the password it might not cause issues because AD does not enforce the
    renewal. But the password age might be used to identify unused machine
    accounts in large environments which might get disabled or deleted
    automatically.
    
    With this patch SSSD calls an external program to check the age of the
    machine account password and renew it if needed. Currently 'adcli' is
    used as external program which is able to renew the password since
    version 0.8.0.
    
    Resolves https://fedorahosted.org/sssd/ticket/1041
    
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
    (cherry picked from commit 5f7cd30c865046a7ea69944f7e07c85b4c43465a)
    
        
file modified
+1 -0
file modified
+33 -0
file modified
+5 -0
file modified
+7 -0
file modified
+2 -0
file modified
+1 -0
file modified
+1 -0