Ipa User-unlock !new! Jun 2026

If users are getting locked too often, review your password policies ( ipa pwpolicy-show ) to see if the threshold for locked attempts is too low (e.g., locking after only 3 attempts).

ipa user-unlock clears the failed login counter. It change the user's password. The user can log in immediately using their existing, correct password. ipa user-unlock

If you receive an "Insufficient access" error, ensure your current Kerberos ticket has the rights to modify user accounts. You can verify your current identity with the klist command. Unlocking via the Web UI If you prefer a graphical interface over the CLI: Log in to the . Navigate to the Identity tab -> Users . Search for and click on the locked User . Look for the Actions dropdown menu at the top right. If users are getting locked too often, review

It is important to differentiate between a locked account and a forgotten password: The user can log in immediately using their

Locate the locked user from the list or use the search bar, then click on their username to view their profile.

$ ipa user-unlock jsmith