Password expiration: how to trigger it?
Adi Pircalabu
adi at ddns.com.au
Fri Dec 21 01:13:30 EET 2018
On 2018-12-21 05:56, Cédric Jeanneret wrote:
> Dear Dovecot Team,
>
> I'm in the (long) process of migrating my whole email infrastructure.
> Of
> course, dovecot is in the place, and is working just fine.
>
> Still, I have an issue: password expiration.
>
> I'm now using FreeIPA backend for the user authentication, and it
> includes the capacity to expire passwords. Basically, it's an LDAP with
> fancy things, among them a field named krbPasswordExpiration (yes,
> that's kerberos).
>
> In order to make things simple, I'd rather NOT force my users to set up
> a kerberos/gssapi/whatever on their personal computer (most of them
> will
> just have blank gaze if I start talking about that).
>
> Is there a way to make Dovecot use that field? It's apparently a simple
> date in %Y%M%D%H%m%sZ format, so a pretty neat thing to test. If
> there's
> some support for that in Dovecot, that is.
One option would be the post login script, see:
https://wiki.dovecot.org/PostLoginScripting
Can also hook a password expiry check in dovecot-lda to send periodic
reminders, although that's a bit unorthodox.
--
Adi Pircalabu
More information about the dovecot
mailing list