[Freeipa-users] non-expiring password policy (or as close as I can come)

[Rob Crittenden]

KodaK wrote:
> On Thu, Jan 24, 2013 at 4:03 PM, Rob Crittenden <rcritten at redhat.com> wrote:
>> It is a 32-bit time problem.
>>
>> I'd set the maxlife no higher than 5000 for now.
>
> Thanks.  Is there a way to apply this policy retroactively without
> requiring my users to reset passwords?
>
> --Jason
>

You'd have to manually tweak the password expiration in the records 
using ldapmodify.

rob