ipa-epn - Send expiring password notifications
ipa-epn provides a method to warn users via email that their IPA
account password is about to expire.
It can be used in dry-run mode, which is recommended during setup.
The output is always JSON in this case.
It can also be launched daily by its systemd timer. In this case
it will parse its configuration file epn.conf(5) and send an email to users
whose passwords are expiring within the defined future date ranges.
See the OPTIONS section below and the epn.conf(5) man page on how
to configure the tool.
- --to-nbdays <number of days>
- The --to-nbdays CLI option can be used to determine the number of
notifications that would be sent in a given timeframe.
If --from-nbdays is not specified, ipa-epn will look
within a 24-hour long time range in <number of days> days.
If --from-nbdays is specified, the date range starts at
--from-nbdays days in the future and ends at --to-nbdays
days in the future.
Together, these two CLI options can be used to determine how
many emails would be sent in a specific time in the future.
The --to-nbdays CLI option implies
--dry-run.
- --from-nbdays <number of days>
- See --to-nbdays for an explanation. This option must be used in
conjunction with --to-nbdays.
- --dry-run
- The --dry-run CLI option is intended to test ipa-epn's
configuration.
For instance, if notify_ttls is set to 21, 14, 3,
--dry-run would display the list of users whose passwords would
expire in 21, 14, and 3 days in the future.
- --mail-test
- The --mail-test CLI option will send an e-mail to the configured
smtp_admin value in /etc/ipa/epn.conf. Generic values for the substitution
variables are set, so this is also useful for testing and configuring the
mail template.
# date
Sun 12 Apr 2020 06:23:08 AM CEST
# ipa-epn --dry-run
[
{
"uid": "user5",
"cn": "user 5",
"krbpasswordexpiration": "2020-04-17 15:51:53",
"mail": "['user5@ipa.test']"
}
]
The IPA-EPN command was successful
# ipa-epn --to-nbdays 6 --dry-run
[
{
"uid": "user5",
"cn": "user 5",
"krbpasswordexpiration": "2020-04-17 15:51:53",
"mail": "['user5@ipa.test']"
}
]
The IPA-EPN command was successful
# ipa-epn --from-nbdays 2 --to-nbdays 6 --dry-run
[
{
"uid": "user5",
"cn": "user 5",
"krbpasswordexpiration": "2020-04-17 15:51:53",
"mail": "['user5@ipa.test']"
}
]
The IPA-EPN command was successful
# ipa-epn --from-nbdays 8 --to-nbdays 12 --dry-run
[
{
"uid": "user3",
"cn": "user 5",
"krbpasswordexpiration": "2020-04-21 00:00:08",
"mail": "['user3@ipa.test']"
}
]
The IPA-EPN command was successful
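An added example (not part of ipa-epn or of this man page) that post-processes captured --dry-run output like the sessions above: it skips the trailing status line, decodes the "mail" value, which is a string holding a Python-style list, and computes the days left until expiry. The function names, the constructed sample text and the treatment of both timestamps as being in the same timezone are assumptions of this example.

```python
import ast
import json
from datetime import datetime

# Constructed sample: captured `ipa-epn --dry-run` output shaped like the
# examples above (a JSON array followed by the status line).
SAMPLE = """[
    {
        "uid": "user5",
        "cn": "user 5",
        "krbpasswordexpiration": "2020-04-17 15:51:53",
        "mail": "['user5@ipa.test']"
    }
]
The IPA-EPN command was successful
"""

def decode_mail(value):
    """Turn the "mail" string (a Python-style list) into a list of addresses."""
    try:
        parsed = ast.literal_eval(value or "[]")  # parses literals only, runs no code
    except (ValueError, SyntaxError):
        parsed = value  # assumption: a bare address may appear instead of a list
    return [parsed] if isinstance(parsed, str) else list(parsed)

def parse_dry_run(text, now):
    """Return one dict per listed user; `now` is a naive datetime assumed to be
    in the same timezone as krbpasswordexpiration."""
    start = text.find("[")
    if start < 0:
        raise ValueError("no JSON array in ipa-epn output")
    # raw_decode stops at the end of the array, so the status line is ignored.
    entries, _ = json.JSONDecoder().raw_decode(text[start:])
    rows = []
    for entry in entries:
        expires = datetime.strptime(entry["krbpasswordexpiration"], "%Y-%m-%d %H:%M:%S")
        rows.append({
            "uid": entry["uid"],
            "mail": decode_mail(entry.get("mail")),
            "days_left": (expires - now).days,
        })
    return rows

if __name__ == "__main__":
    # The reference time is the `date` output from the examples above.
    for row in parse_dry_run(SAMPLE, datetime(2020, 4, 12, 6, 23, 8)):
        print(row["uid"], row["days_left"], ", ".join(row["mail"]) or "NO ADDRESS")
```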
The exit status is 0 on success, nonzero on error.
RFE: https://pagure.io/freeipa/issue/3687
Design document:
https://github.com/freeipa/freeipa/blob/master/doc/designs/expiring-password-notification.md
Please first make sure the issue has not already been reported by searching at https://pagure.io/freeipa/issues. If it has not, file a new issue at https://pagure.io/freeipa/new_issue.