1IPA-EPN(1) IPA Manual Pages IPA-EPN(1)
2
6 ipa-epn - Send expiring password notifications
7
9 ipa-epn [options]
10
13 ipa-epn provides a method to warn users via email that their IPA ac‐
14 count password is about to expire.
15 It can be used in dry-run mode which is recommended during setup. The
17 output is always JSON in this case.
18 It can also be launched daily by its systemd timer. In this case it
20 will parse its configuration file epn.conf(5) and send an email to
21 users whose passwords are expiring within the defined future date
22 ranges.
23 See the OPTIONS section below and the epn.conf(5) man page on how to
25 configure the tool.
26
29 --to-nbdays <number of days>
30 The --to-nbdays CLI option can be used to determine the number
31 of notifications that would be sent in a given timeframe.
32 If --from-nbdays is not specified, ipa-epn will look within a
34 24-hour long time range in <number of days> days.
35 if --from-nbdays is specified, the date range starts at
37 --from-nbdays days in the future and ends at --to-nbdays in the
38 future.
39 Together, these two CLI options can be used to determine how
41 many emails would be sent in a specific time in the future.
42 The --to-nbdays CLI option implies --dry-run.
44 --from-nbdays <number of days>
46 See --to-nbdays for an explanation. This option must be used in
47 conjunction with --to-nbdays.
48 --dry-run
50 The --dry-run CLI option is intended to test ipa-epn's configu‐
51 ration.
52 For instance, if notify_ttls is set to 21, 14, 3, --dry-run
54 would display the list of users whose passwords would expire in
55 21, 14, and 3 days in the future.
56 --mail-test
58 The --mail-test CLI option will send an e-mail to the configured
59 smtp_admin value in /etc/ipa/epn.conf. Generic values for the
60 substitution variables are set so this is also useful for test‐
61 ing and configuring the mail template.
62
65 The template for the e-mail message is contained in /etc/ipa/epn/ex‐
66 pire_msg.template. The following template variables are available.
67 User ID: uid
69 Full name: fullname
71 First name: first
73 Last name: Last
75 Password expiration date: expiration
77
80 # date
81 Sun 12 Apr 2020 06:23:08 AM CEST
82 # ipa-epn --dry-run
83 [
84 {
85 "uid": "user5",
86 "cn": "user 5",
87 "krbpasswordexpiration": "2020-04-17 15:51:53",
88 "mail": "['user5@ipa.test']"
89 }
90 ]
91 The IPA-EPN command was successful
92 # ipa-epn --to-nbdays 6 --dry-run
94 [
95 {
96 "uid": "user5",
97 "cn": "user 5",
98 "krbpasswordexpiration": "2020-04-17 15:51:53",
99 "mail": "['user5@ipa.test']"
100 }
101 ]
102 The IPA-EPN command was successful
103 # ipa-epn --from-nbdays 2 --to-nbdays 6 --dry-run
105 [
106 {
107 "uid": "user5",
108 "cn": "user 5",
109 "krbpasswordexpiration": "2020-04-17 15:51:53",
110 "mail": "['user5@ipa.test']"
111 }
112 ]
113 The IPA-EPN command was successful
114 # ipa-epn --from-nbdays 8 --to-nbdays 12 --dry-run
116 [
117 {
118 "uid": "user3",
119 "cn": "user 5",
120 "krbpasswordexpiration": "2020-04-21 00:00:08",
121 "mail": "['user3@ipa.test']"
122 }
123 ]
124 The IPA-EPN command was successful
125
129 The exit status is 0 on success, nonzero on error.
130
133 RFE: https://pagure.io/freeipa/issue/3687
134 Design document: https://github.com/freeipa/freeipa/blob/mas‐
135 ter/doc/designs/expiring-password-notification.md
136
140 None yet.
141
144 Please make sure first the issue is not already reported by searching at https://pagure.io/freeipa/issues. If it is not, file a new issue at https://pagure.io/freeipa/new_issue.
145IPA April 24, 2020 IPA-EPN(1)