Allow unexpiring passwords

Treat maxlife=0 in password policy as "never expire". Delete krbPasswordExpiration in user entry when password should never expire. https://fedorahosted.org/freeipa/ticket/2795 Reviewed-By: Thierry Bordaz <tbordaz@redhat.com> Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
author: David Kupka <dkupka@redhat.com> 2016-06-30 08:52:33 +0200
committer: Petr Vobornik <pvoborni@redhat.com> 2016-07-01 11:22:02 +0200
commit: d2cb9ed327ee4003598d5e45d80ab7918b89eeed (patch)
tree: 759a8dbeb8cec1226cefdb097354e78756bcf639 /ipaserver
parent: 3691e39a62da5134f911f6a798f79a3a2ae0c025 (diff)
download: freeipa-d2cb9ed327ee4003598d5e45d80ab7918b89eeed.tar.gz
freeipa-d2cb9ed327ee4003598d5e45d80ab7918b89eeed.tar.xz
freeipa-d2cb9ed327ee4003598d5e45d80ab7918b89eeed.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/ipaserver/plugins/pwpolicy.py b/ipaserver/plugins/pwpolicy.py
index 5a2202aa0..e5e68fb58 100644
--- a/ipaserver/plugins/pwpolicy.py
+++ b/ipaserver/plugins/pwpolicy.py
@@ -411,7 +411,7 @@ class pwpolicy(LDAPObject):
             if maxlife is None and 'krbmaxpwdlife' in existing_entry:
                 maxlife = int(existing_entry['krbmaxpwdlife'][0]) * 86400
 
-        if maxlife is not None and minlife is not None:
+        if maxlife not in (None, 0) and minlife is not None:
             if minlife > maxlife:
                 raise errors.ValidationError(
                     name='maxlife',
author	David Kupka <dkupka@redhat.com>	2016-06-30 08:52:33 +0200
committer	Petr Vobornik <pvoborni@redhat.com>	2016-07-01 11:22:02 +0200
commit	d2cb9ed327ee4003598d5e45d80ab7918b89eeed (patch)
tree	759a8dbeb8cec1226cefdb097354e78756bcf639 /ipaserver
parent	3691e39a62da5134f911f6a798f79a3a2ae0c025 (diff)
download	freeipa-d2cb9ed327ee4003598d5e45d80ab7918b89eeed.tar.gz freeipa-d2cb9ed327ee4003598d5e45d80ab7918b89eeed.tar.xz freeipa-d2cb9ed327ee4003598d5e45d80ab7918b89eeed.zip