Red Hat Bugzilla – Bug 1273040
[RFE] Automatically disable user accounts that have not been used for a specific period of time
Last modified: 2018-02-23 08:44:11 EST
This bug is created as a clone of upstream ticket:
Create a policy that would define for how long the user account can be inactive (no authentications) until it would be disabled automatically in IPA.
This is driven by PCI compliance requirements.
(In reply to Petr Vobornik from comment #2)
Please note that I just realized that this workaround only works under certain conditions:
- it is an environment with a single IdM master
- OR, krbLastSuccessfulAuth is replicated (see https://fedorahosted.org/freeipa/ticket/5970)
- OR, if the script checks krbLastSuccessfulAuth on *all* IdM servers and uses the most recent one.
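
The third condition above (read krbLastSuccessfulAuth from all IdM servers and use the most recent value) can be sketched as follows. This is an added example, not part of the original comment or of FreeIPA; the server names, user names, timestamps and the 90-day threshold are constructed, and the per-server dictionaries stand in for the result of an LDAP query against each server.

```python
from datetime import datetime, timedelta, timezone

def parse_generalized_time(value):
    """Parse an LDAP GeneralizedTime value such as 20160801123045Z (UTC)."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def latest_auth(per_server):
    """Merge {server: {uid: krbLastSuccessfulAuth or None}} into
    {uid: newest datetime seen on any server, or None if never set}."""
    merged = {}
    for entries in per_server.values():
        for uid, raw in entries.items():
            seen = parse_generalized_time(raw) if raw else None
            best = merged.get(uid)
            if uid not in merged or (seen and (best is None or seen > best)):
                merged[uid] = seen
    return merged

def inactive_users(per_server, max_idle_days, now):
    """Return (stale, never): users whose newest authentication on any
    server is older than the cutoff, and users with no value anywhere.
    The two groups are kept apart so new accounts can be handled separately."""
    cutoff = now - timedelta(days=max_idle_days)
    merged = latest_auth(per_server)
    stale = sorted(u for u, t in merged.items() if t is not None and t < cutoff)
    never = sorted(u for u, t in merged.items() if t is None)
    return stale, never

# Constructed sample: the attribute is not replicated, so each server only
# knows about authentications it handled itself.
SAMPLE = {
    "ipa1.example.test": {"alice": "20160101080000Z", "bob": "20160201080000Z", "carol": None},
    "ipa2.example.test": {"alice": "20160720090000Z", "bob": "20160301080000Z", "carol": None},
}
NOW = datetime(2016, 8, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    print("all servers:", inactive_users(SAMPLE, 90, NOW))
    only_one = {"ipa1.example.test": SAMPLE["ipa1.example.test"]}
    print("single server:", inactive_users(only_one, 90, NOW))
```

With only one server's view, alice is reported as inactive even though she authenticated against the other server recently, which is the failure the comment warns about.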