[Date Prev][Date Next]
Re: Grace period for inactive accounts?
>> Seems to me that you just need to judiciously set up ppolicy.
>> set pwdMaxAge to the max time you want your users to be able to have an
>> inactive account
>> then set pwdGraceAuthnLimit to 0
> This won't work unless he means "after a period of inactivity" to be
> actually changing their password.
> For example, if he wants to lock an account after 15 days of no logins,
> then if a user logs in on day 14, he would expect the lockout period to be
> reset. However, to reset it the user would have to change their password
> so pwdChangeTime updates.
> Or am I way off?
This of course could be forced by setting pwdMustChange
Then when the user logs in on the day 14, they must change it.