diff options
author | David Kupka <dkupka@redhat.com> | 2016-06-30 08:52:33 +0200 |
---|---|---|
committer | Petr Vobornik <pvoborni@redhat.com> | 2016-07-01 11:22:02 +0200 |
commit | d2cb9ed327ee4003598d5e45d80ab7918b89eeed (patch) | |
tree | 759a8dbeb8cec1226cefdb097354e78756bcf639 /ipaserver/plugins/pwpolicy.py | |
parent | 3691e39a62da5134f911f6a798f79a3a2ae0c025 (diff) | |
download | freeipa-d2cb9ed327ee4003598d5e45d80ab7918b89eeed.tar.gz freeipa-d2cb9ed327ee4003598d5e45d80ab7918b89eeed.tar.xz freeipa-d2cb9ed327ee4003598d5e45d80ab7918b89eeed.zip |
Allow unexpiring passwords
Treat maxlife=0 in password policy as "never expire". Delete
krbPasswordExpiration in user entry when password should never expire.
https://fedorahosted.org/freeipa/ticket/2795
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
Diffstat (limited to 'ipaserver/plugins/pwpolicy.py')
-rw-r--r-- | ipaserver/plugins/pwpolicy.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ipaserver/plugins/pwpolicy.py b/ipaserver/plugins/pwpolicy.py index 5a2202aa0..e5e68fb58 100644 --- a/ipaserver/plugins/pwpolicy.py +++ b/ipaserver/plugins/pwpolicy.py @@ -411,7 +411,7 @@ class pwpolicy(LDAPObject): if maxlife is None and 'krbmaxpwdlife' in existing_entry: maxlife = int(existing_entry['krbmaxpwdlife'][0]) * 86400 - if maxlife is not None and minlife is not None: + if maxlife not in (None, 0) and minlife is not None: if minlife > maxlife: raise errors.ValidationError( name='maxlife', |