On Thu, Jan 24, 2013 at 4:03 PM, Rob Crittenden <rcritten at redhat.com> wrote: > It is a 32-bit time problem. > > I'd set the maxlife no higher than 5000 for now. Thanks. Is there a way to apply this policy retroactively without requiring my users to reset passwords? --Jason