In 26 years, I guarantee this will be someone else's problem.
Bret Wortman http://bretwortman.com/ http://twitter.com/BretWortman > On Mar 6, 2014, at 8:25 PM, Dmitri Pal <d...@redhat.com> wrote: > >> On 03/06/2014 08:10 AM, Bret Wortman wrote: >> Just found with some fresh Googling an email from Rob recommending setting >> the max to 5000. I'll try that. > > Just make sure it is not after 2038 because Kerberos uses 32 bit time that > rolls over in Feb of 2038. > >> >> >>> On 03/06/2014 08:08 AM, Bret Wortman wrote: >>> Is there a way to set a password to not expire? I thought I read somewhere >>> that 0 did that, but apparently not. >>> >>>> On 03/06/2014 07:55 AM, Sumit Bose wrote: >>>>> On Thu, Mar 06, 2014 at 07:39:15AM -0500, Bret Wortman wrote: >>>>> Strange behavior now with our passwords (and we still haven't solved >>>>> our problem with the "ipa" command, but at least with script, we >>>>> have a workaround): >>>>> >>>>> I noticed yesterday morning that my password, which has the >>>>> following policy, was going to expire in 3 days so I changed it. >>>>> >>>>> Max lifetime (days) : 0 >>>> I think the behaviour is expected with this maximal lifetime. >>>> >>>> bye, >>>> Sumit >>>> >>>>> Min lifetime (hours) : 0 >>>>> History size (number of passwords): 0 >>>>> Character classes: 2 >>>>> Min length: 8 >>>>> Max failures: 4 >>>>> Failure reset interval (seconds): 60 >>>>> Lockout duration (seconds): 60 >>>>> >>>>> The IPA web UI immediately began reporting in red that "Your >>>>> password expires in -1 days." >>>>> >>>>> This morning, I ran "kinit": >>>>> >>>>> $ kinit >>>>> Password for br...@damascusgrp.com: >>>>> Password expired. You must change it now. >>>>> Enter new password: >>>>> Enter it again: >>>>> Warning: Your password wille xpire in less than one hour on >>>>> Thu 06 >>>>> Mar 2014 06:45:48 AM EST >>>>> $ >>>>> >>>>> What's up? I'd like to solve this before it bites any of my users, >>>>> though most have a policy that looks more like this: >>>>> >>>>> Max lifetime (days) : 180 >>>>> Min lifetime (hours) : 1 >>>>> History size (number of passwords): 0 >>>>> Character classes: 2 >>>>> Min length: 8 >>>>> Max failures: 6 >>>>> Failure reset interval (seconds): 60 >>>>> Lockout duration (seconds): 600 >>>>> >>>>> >>>>> -- >>>>> *Bret Wortman* >>>>> >>>>> http://damascusgrp.com/ >>>>> http://about.me/wortmanbret >>>> >>>> >>>>> _______________________________________________ >>>>> Freeipa-users mailing list >>>>> Freeipa-users@redhat.com >>>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>> _______________________________________________ >>>> Freeipa-users mailing list >>>> Freeipa-users@redhat.com >>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> >>> >>> >>> >>> _______________________________________________ >>> Freeipa-users mailing list >>> Freeipa-users@redhat.com >>> https://www.redhat.com/mailman/listinfo/freeipa-users >> >> >> >> _______________________________________________ >> Freeipa-users mailing list >> Freeipa-users@redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-users > > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager for IdM portfolio > Red Hat Inc. > > > ------------------------------- > Looking to carve out IT costs? > www.redhat.com/carveoutcosts/ > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users