[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Grace period for inactive accounts?

>> Seems to me that you just need to judiciously set up ppolicy.
>> set pwdMaxAge to the max time you want your users to be able to have an
>> inactive account
>> then set pwdGraceAuthnLimit to 0
> This won't work unless he means "after a period of inactivity" to be
> actually changing their password.
> For example, if he wants to lock an account after 15 days of no logins,
> then if a user logs in on day 14, he would expect the lockout period to be
> reset. However, to reset it the user would have to change their password
> so pwdChangeTime updates.
> Or am I way off?

This of course could be forced by setting pwdMustChange

Then when the user logs in on the day 14, they must change it.