If ipa user-mod is used with password and password expiration date, then password expiration date is not set to given value. Without setting the password, the expiration date is applied.
Expiration date is not set to given value
Expiration date set to given value
IPA 4.8.0 (Not tested with other releases so far.)
I think this is expected behavior. All passwords set by an administrator are marked as expired. There is no override.
This is the issue # date Tue 30 Jul 2019 01:16:02 AM CDT
# date
////Password expiration set explicilty works fine/// //Expire password at 2019/30/07 11:51:10 # ipa user-mod password-expiration-user --password-expiration 20190730115110Z Modified user "password-expiration-user" User login: password-expiration-user First name: password Last name: expiration-user Home directory: /home/password-expiration-user Login shell: /bin/sh Principal name: password-expiration-user@ATEST.COM Principal alias: password-expiration-user@ATEST.COM User password expiration: 20190730115110Z <<<<<<<<<<< Email address: password-expiration-user@atest.com UID: 760400005 GID: 760400005 Account disabled: False Password: True Member of groups: ipausers Kerberos keys available: True
# ipa user-mod password-expiration-user --password-expiration 20190730115110Z
////Password expiration set while setting password does not//// //Expire password at 2019/30/07 11:55:20 # ipa user-mod password-expiration-user --password --password-expiration 20190730115520Z Password: Enter Password again to verify: Modified user "password-expiration-user" User login: password-expiration-user First name: password Last name: expiration-user Home directory: /home/password-expiration-user Login shell: /bin/sh Principal name: password-expiration-user@ATEST.COM Principal alias: password-expiration-user@ATEST.COM User password expiration: 20190730061714Z <<<<<<<<<< Email address: password-expiration-user@atest.com UID: 760400005 GID: 760400005 Account disabled: False Password: True Member of groups: ipausers Kerberos keys available: True
# ipa user-mod password-expiration-user --password --password-expiration 20190730115520Z
Login to comment on this ticket.