Password expiration: how to trigger it?
Cédric Jeanneret
dovecot at tengu.ch
Thu Dec 20 20:56:03 EET 2018
Dear Dovecot Team,
I'm in the (long) process of migrating my whole email infrastructure. Of
course, dovecot is in the place, and is working just fine.
Still, I have an issue: password expiration.
I'm now using FreeIPA backend for the user authentication, and it
includes the capacity to expire passwords. Basically, it's an LDAP with
fancy things, among them a field named krbPasswordExpiration (yes,
that's kerberos).
In order to make things simple, I'd rather NOT force my users to set up
a kerberos/gssapi/whatever on their personal computer (most of them will
just have blank gaze if I start talking about that).
Is there a way to make Dovecot use that field? It's apparently a simple
date in %Y%M%D%H%m%sZ format, so a pretty neat thing to test. If there's
some support for that in Dovecot, that is.
If not, as a last resort, I can configure the freeIPA to deactivate the
user if the password is expired, and this should push another field in
the user description. Would that be a possibility for Dovecot, in case
it can't use the datetime field as is?
Thank you for your support!
Cheers,
C.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pEpkey.asc
Type: application/pgp-keys
Size: 1774 bytes
Desc: not available
URL: <https://dovecot.org/pipermail/dovecot/attachments/20181220/0e663226/attachment-0001.bin>
More information about the dovecot
mailing list