Skip to content

Ipa User-unlock

While unlocking users is operationally necessary, it introduces security vectors that must be managed.

ipa user-unlock does not change the password. It simply removes the nsaccountlock attribute from the user's LDAP entry and resets the failed login counter in the Kerberos KDC. ipa user-unlock

After unlocking:

Sideloading an unknown IPA file is risky. Malicious bypass tools have been known to: While unlocking users is operationally necessary