[Freeipa-users] Password issues

[Bret Wortman]

Strange behavior now with our passwords (and we still haven't solved our 
problem with the "ipa" command, but at least with script, we have a 
workaround):

I noticed yesterday morning that my password, which has the following 
policy, was going to expire in 3 days so I changed it.

Max lifetime (days) : 0
Min lifetime (hours) : 0
History size (number of passwords): 0
Character classes: 2
Min length: 8
Max failures: 4
Failure reset interval (seconds): 60
Lockout duration (seconds): 60

The IPA web UI immediately began reporting in red that "Your password 
expires in -1 days."

This morning, I ran "kinit":

$ kinit
Password for bretw at DAMASCUSGRP.COM:
Password expired.  You must change it now.
Enter new password:
Enter it again:
Warning: Your password wille xpire in less than one hour on Thu 06 Mar 
2014 06:45:48 AM EST
$

What's up? I'd like to solve this before it bites any of my users, 
though most have a policy that looks more like this:

Max lifetime (days) : 180
Min lifetime (hours) : 1
History size (number of passwords): 0
Character classes: 2
Min length: 8
Max failures: 6
Failure reset interval (seconds): 60
Lockout duration (seconds): 600


-- 
*Bret Wortman*

http://damascusgrp.com/
http://about.me/wortmanbret

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140306/75d6a1b2/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 51f7de33e4b08d2bdb8b4860
Type: image/png
Size: 28526 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140306/75d6a1b2/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3766 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140306/75d6a1b2/attachment.p7s>