How it works...
User objects can be configured with expiration dates. After this moment in time, the user object can no longer be used to authenticate, including when using KCD.
After the expiration date is set, it is stored in the accountExpires attribute. The 64-bit value stored for this attribute represents the number of 100-nanosecond intervals since January 1, 1601 (UTC).
Account expiration is a good way to fill in the gaps of missing communications between HR and IT in the joiners, movers, and leavers process for Identity and Access Management (IAM).
In an organization where account expiration is used, the end date of the HR contract is used to ensure the user account automatically expires when the person would normally leave the organization. ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access