28.5. Changing Password Expiration Date with Immediate Effect

You can use the ipa user-mod or ldapmodify utilities to change the expiration date of a user password.

Changing the expiration date of a user password by using the ipa user-mod utility

To enforce an immediate change of the expiration date, use ipa user-mod command with the --password-expiration option. For example, to set the expiration date to 2016-02-03 20:37:34 in the UTC time zone, run:
```
# ipa user-mod user_name --password-expiration='2016-02-03 20:37:34Z'
```
Note that the command uses a generalized time format and setting the expiration date to 20160203203734Z is also possible.

Changing the expiration date of a user password by using the ldapmodify utility

To enforce an immediate change of the expiration date, reset the krbPasswordExpiration attribute value in LDAP.

To change the expiration date for a single user:

Set the new value for the krbPasswordExpiration attribute for the user entry by using the following command:

 # ldapmodify -D "cn=Directory Manager" -w secret -h server.example.com -p 389 -vv

dn: uid=user_name,cn=users,cn=accounts,dc=example,dc=com
changetype: modify
replace: krbPasswordExpiration
krbPasswordExpiration: 20160203203734Z

The krbPasswordExpiration format follows generalized time format YYYMMDDHHMMSS.0Z.

Press Ctrl+D to confirm and send the changes to the server.

To edit multiple entries at once, use ldapmodify with the -f option to reference an LDIF file.

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.