diff options
| author | Pavel Zuna <pzuna@redhat.com> | 2011-02-07 13:54:25 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2011-02-10 11:16:58 -0500 |
| commit | c24725ed38dd94c34e4327d1d8c5720d768dcd37 (patch) | |
| tree | 6881bdc596bb2b862e308146fe91fe7b99166201 /ipalib/plugins | |
| parent | 46dbf0ae55f808a600b60dc45e0fccebcdc5ba99 (diff) | |
| download | freeipa-c24725ed38dd94c34e4327d1d8c5720d768dcd37.tar.gz freeipa-c24725ed38dd94c34e4327d1d8c5720d768dcd37.tar.xz freeipa-c24725ed38dd94c34e4327d1d8c5720d768dcd37.zip | |
Update krbtpolicy doc to inform that restarting krb5kdc might be needed.
Fix #844
Diffstat (limited to 'ipalib/plugins')
| -rw-r--r-- | ipalib/plugins/krbtpolicy.py | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/ipalib/plugins/krbtpolicy.py b/ipalib/plugins/krbtpolicy.py index d16cb367e..22ef161cb 100644 --- a/ipalib/plugins/krbtpolicy.py +++ b/ipalib/plugins/krbtpolicy.py @@ -23,6 +23,16 @@ There is a single Kerberos ticket policy. This policy defines the maximum ticket lifetime and the maximum renewal age, the period during which the ticket is renewable. +You can also create a per-user ticket policy by specifying the user login. + +For changes to the global policy to take effect, restarting the KDC service +is required, which can be achieved using: + +service krb5kdc restart + +Changes to per-user policies take effect immediatly for newly requested +tickets. + EXAMPLES: Display the current Kerberos ticket policy: @@ -33,6 +43,15 @@ EXAMPLES: Modify the policy to 8 hours max life, 1-day max renewal: ipa krbtpolicy-mod --maxlife=28800 --maxrenew=86400 + + Display effective Kerberos ticket policy for user 'admin': + ipa krbtpolicy-show admin + + Reset per-user policy for user 'admin': + ipa krbtpolicy-reset admin + + Modify per-user policy for user 'admin': + ipa krbtpolicy-mod admin --maxlife=3600 """ from ipalib import api |