[Freeipa-users] Password issues
Sumit Bose
sbose at redhat.com
Thu Mar 6 12:55:36 UTC 2014
On Thu, Mar 06, 2014 at 07:39:15AM -0500, Bret Wortman wrote:
> Strange behavior now with our passwords (and we still haven't solved
> our problem with the "ipa" command, but at least with script, we
> have a workaround):
>
> I noticed yesterday morning that my password, which has the
> following policy, was going to expire in 3 days so I changed it.
>
> Max lifetime (days) : 0
I think the behaviour is expected with this maximal lifetime.
bye,
Sumit
> Min lifetime (hours) : 0
> History size (number of passwords): 0
> Character classes: 2
> Min length: 8
> Max failures: 4
> Failure reset interval (seconds): 60
> Lockout duration (seconds): 60
>
> The IPA web UI immediately began reporting in red that "Your
> password expires in -1 days."
>
> This morning, I ran "kinit":
>
> $ kinit
> Password for bretw at DAMASCUSGRP.COM:
> Password expired. You must change it now.
> Enter new password:
> Enter it again:
> Warning: Your password wille xpire in less than one hour on Thu 06
> Mar 2014 06:45:48 AM EST
> $
>
> What's up? I'd like to solve this before it bites any of my users,
> though most have a policy that looks more like this:
>
> Max lifetime (days) : 180
> Min lifetime (hours) : 1
> History size (number of passwords): 0
> Character classes: 2
> Min length: 8
> Max failures: 6
> Failure reset interval (seconds): 60
> Lockout duration (seconds): 600
>
>
> --
> *Bret Wortman*
>
> http://damascusgrp.com/
> http://about.me/wortmanbret
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
More information about the Freeipa-users
mailing list