1IPA-EPN(1) IPA Manual Pages IPA-EPN(1)
2
3
4
6 ipa-epn - Send expiring password nofications
7
9 ipa-epn [options]
10
11
13 ipa-epn provides a method to warn users via email that their IPA
14 account password is about to expire.
15
16 It can be used in dry-run mode which is recommmended during setup. The
17 output is always JSON in this case.
18
19 It can also be launched daily by its systemd timer. In this case it
20 will parse its configuration file epn.conf(5) and send an email to
21 users whose passwords are expiring within the defined future date
22 ranges.
23
24 See the OPTIONS section below and the epn.conf(5) man page on how to
25 configure the tool.
26
27
29 --to-nbdays <number of days>
30 The --to-nbdays CLI option can be used to determine the number
31 of notifications that would be sent in a given timeframe.
32
33 If --from-nbdays is not specified, ipa-epn will look within a
34 24-hour long time range in <number of days> days.
35
36 if --from-nbdays is specified, the date range starts at
37 --from-nbdays days in the future and ends at --to-nbdays in the
38 future.
39
40 Together, these two CLI options can be used to determine how
41 many emails would be sent in a specific time in the future.
42
43 The --to-nbdays CLI option implies --dry-run.
44
45 --from-nbdays <number of days>
46 See --to-nbdays for an explanation. This option must be used in
47 conjonction with --to-nbdays.
48
49 --dry-run
50 The --dry-run CLI option is intented to test ipa-epn's configu‐
51 ration.
52
53 For instance, if notify_ttls is set to 21, 14, 3, --dry-run
54 would display the list of users whose passwords would expire in
55 21, 14, and 3 days in the future.
56
57 --mail-test
58 The --mail-test CLI option will send an e-mail to the configured
59 smtp_admin value in /etc/ipa/epn.conf. Generic values for the
60 substitution variables are set so this is also useful for test‐
61 ing and configuring the mail template.
62
63
65 The template for the e-mail message is contained in
66 /etc/ipa/epn/expire_msg.template. The following template variables are
67 available.
68
69 User ID: uid
70
71 Full name: fullname
72
73 First name: first
74
75 Last name: Last
76
77 Password expiration date: expiration
78
79
81 # date
82 Sun 12 Apr 2020 06:23:08 AM CEST
83 # ipa-epn --dry-run
84 [
85 {
86 "uid": "user5",
87 "cn": "user 5",
88 "krbpasswordexpiration": "2020-04-17 15:51:53",
89 "mail": "['user5@ipa.test']"
90 }
91 ]
92 The IPA-EPN command was successful
93
94 # ipa-epn --to-nbdays 6 --dry-run
95 [
96 {
97 "uid": "user5",
98 "cn": "user 5",
99 "krbpasswordexpiration": "2020-04-17 15:51:53",
100 "mail": "['user5@ipa.test']"
101 }
102 ]
103 The IPA-EPN command was successful
104
105 # ipa-epn --from-nbdays 2 --to-nbdays 6 --dry-run
106 [
107 {
108 "uid": "user5",
109 "cn": "user 5",
110 "krbpasswordexpiration": "2020-04-17 15:51:53",
111 "mail": "['user5@ipa.test']"
112 }
113 ]
114 The IPA-EPN command was successful
115
116 # ipa-epn --from-nbdays 8 --to-nbdays 12 --dry-run
117 [
118 {
119 "uid": "user3",
120 "cn": "user 5",
121 "krbpasswordexpiration": "2020-04-21 00:00:08",
122 "mail": "['user3@ipa.test']"
123 }
124 ]
125 The IPA-EPN command was successful
126
127
128
130 The exit status is 0 on success, nonzero on error.
131
132
134 RFE: https://pagure.io/freeipa/issue/3687
135 Design document: https://github.com/freeipa/freeipa/blob/mas‐
136 ter/doc/designs/expiring-password-notification.md
137
138
139
141 None yet.
142
143
145 Please make sure first the issue is not already reported by searching at https://pagure.io/freeipa/issues. If it is not, file a new issue at https://pagure.io/freeipa/new_issue.
146
147
148
149
150IPA April 24, 2020 IPA-EPN(1)