Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1346935
Description of problem: Sometimes it is useful to allow a specific user to log in exactly once (or a defined number of times) and lock the user afterwards. Version-Release number of selected component (if applicable): 4.2 Use cases: An external employee needs to be allowed to log in to a system just once to do perform a particular task. Together with the Time-Based Account Policies as described in upstream ticket https://fedorahosted.org/freeipa/ticket/547 it would provide better control over not-so-trusted external users. Against this would be: If a user logs in once, the Kerberos Ticket is still valid for some time.
Metadata Update from @pvoborni: - Issue assigned to someone - Issue set to the milestone: Future Releases
Log in to comment on this ticket.