Temporarily disable minimum password time in FreeIPA after password reset by support

Foghorn

1/17/23, 4:47 PM

We use FreeIPA 4.6.8 and we have users that of course forget their passwords. However, password policy has a minimum password time of 1 hour. When support resets their password for them and provides it via separate & secure channel, they also send instructions that instruct the user to reset the password to something else at next login. However, since support used the 'reset password' utility in FreeIPA, the change by support 'counts' as a password change. Thus, if the user changes the password within an hour, they get blocked by password policy. We have tried to adjust this for the user, but can't find a way other than password policies (which are global). Ideally, we would want to allow one next password change immediately, or at least some grace period where the minimum password time policy isn't enforced for that user for some short period of time. Is there any way of accomplishing that?

0 + 0

redhat

ldap

centos

authentication

freeipa

Bravo

1/18/23, 2:39 AM

according to [this documentation](https://www.freeipa.org/page/New_Passwords_Expired) *One of the features we decided to embed in FreeIPA is that when a password is first set or when a password is later reset we mark this password as immediately expired and require the owner to perform a password change* - so, you must be doing something wrong if the user isn't required to change their password after a password reset - either that, or there is a bug in FreeIPA

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Temporarily disable minimum password time in FreeIPA after password reset by support

TH: ปิดใช้งานเวลาขั้นต่ำของรหัสผ่านชั่วคราวใน FreeIPA หลังจากรีเซ็ตรหัสผ่านโดยฝ่ายสนับสนุน

RO: Dezactivați temporar durata minimă a parolei în FreeIPA după resetarea parolei de către asistență

RU: Временно отключите минимальное время действия пароля в FreeIPA после сброса пароля службой поддержки.

VI: Tạm thời vô hiệu hóa thời gian mật khẩu tối thiểu trong FreeIPA sau khi đặt lại mật khẩu bởi bộ phận hỗ trợ

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.