On Wed, 2010-10-13 at 11:23 -0400, peter sands wrote: > I have a script that goes round and changes the expiration for another > 30 days, so that's OK. But is there a way the value for password > expiration can be constant and not reset.
Create a password policy, set its maxlife parameter, and associate that policy with the user principals (perhaps with a script). Example: addpol -maxlife "30 days" users modprinc -policy users user1 Or, if you already have a password policy for user principals, just use something like: modpol -maxlife "30 days" policyname > (using aix nas/kerberos 5) I think the functionality I've described has been in MIT krb5 for a long time, and thus should be present in the version you're using, but I can't be certain. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos