From c9c904f2bd63ca7563b772ec3f28041716cb24db Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Wed, 23 Nov 2016 12:42:10 +0000
Subject: [PATCH] Disable password expiration

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 roles/ipa/server/files/configure-ipa.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/roles/ipa/server/files/configure-ipa.sh b/roles/ipa/server/files/configure-ipa.sh
index 5c1e0ca517..4fc2991878 100644
--- a/roles/ipa/server/files/configure-ipa.sh
+++ b/roles/ipa/server/files/configure-ipa.sh
@@ -23,6 +23,9 @@ ipa user-add fas_sync --first=FAS --last=Sync
 # Allow sync user to create and edit users
 ipa group-add-member admins --users=fas_sync
 
+# Disable password expiration
+ipa pwpolicy-mod global_policy --maxlife=0 --minlife=0 --history=0 --minclasses=0 --minlength=0 --maxfail=0
+
 # Allow sync user to update passwords
 ldapmodify -x -H ldapi://%2fvar%2frun%2fslapd-FEDORAPROJECT-ORG.socket <<EOF
 dn: cn=ipa_pwd_extop,cn=plugins,cn=config