Hi Tom, your answer seems to have pointed me into the right direction: It seems as if it stands in relation with the very large values I assigned:
kadmin: get_policy admin Policy: admin Maximum password life: 2592000 Minimum password life: 86400 Minimum password length: 10 Minimum number of password character classes: 3 Number of old keys kept: 10 Reference count: 0 Maximum password failures before lockout: 0 Password failure count reset interval: 0 days 00:00:00 Password lockout duration: 0 days 00:00:00 kadmin: modify_policy -maxlife 36500days -minlife 1day -minlength 12 -minclasses 3 -history 30 admin modify_policy: Communication failure with server while modifying policy "admin". kadmin: modify_policy -maxlife 31days -minlife 1day -minlength 12 -minclasses 3 -history 30 admin kadmin: Thank you for pointing me to that! The OS running is Debian amd64 x86_64, so yeah: 64-bit platform. When I was playing around with the possible policy features, I searched for a value like "forever" for '-maxlife'. Since I didn't find that, I set 100 years instead (36500days). That I can set it to '0' or leave it away completely to achieve that, hasn't come to my mind. Not sure if this has to be classified as a bug or not now ... normally, kadmin and kadmin.local should behave the same way, so I'd say it is, even though the value I used is stupid, it shouldn't lead to that behavior. Thanks for your help! Am 17.12.2014 um 20:32 schrieb Tom Yu: > Marc Richter <m...@marc-richter.info> writes: > >> root@deb-krb:/etc# kadmin.local -m -p user/ad...@example.com >> Authenticating as principal user/ad...@example.com with password. >> Enter KDC database master key: >> kadmin.local: get_policy admin >> Policy: admin >> Maximum password life: 3153600000 > > Do you get a failure when attempting to do any remote kadmin operation > that doesn't involve setting or retrieving a password life that is > greater than 2**31? Also, is this a 64-bit platform? > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos