Expiring password notification
Joseph Fischetti
Joseph.Fischetti at marist.edu
Mon Oct 23 08:31:58 EDT 2017
The password expiration notification that ships with the IdP right now can be modified however you need it to in order to match what you have your LDAP doing. For what it's worth, and I find myself using this justification often, our password expiration attribute was created long before me. We have an attribute that's either -1, 0, or 1 based on a valid, expiring (15 days), or expired password. We have other tools syncing data from Banner, handling our email forwarding, and building the user database for zVM, and I believe one of those tools also handles the password expiration attribute. We do have 'passwordexpiretime' and 'passwordupdate' attributes, but our pwwarning is authoritative.
I have a custom flow intercept for an expired password that's handled locally, and use the built-in flow intercept for expiring password when the password will expire soon, based on the value of pwwarning.
Don't implement what we have. While it's functional, there are better ways to achieve the same results. On the bright side, the IdP only has to check for 1 of 3 expected values rather than doing any date calculations....
Joseph Fischetti
Linux System Administrator
Marist College