[Freeipa-users] Password issues

Bret Wortman bret.wortman at damascusgrp.com
Thu Mar 6 13:08:01 UTC 2014 

Is there a way to set a password to not expire? I thought I read 
somewhere that 0 did that, but apparently not.

On 03/06/2014 07:55 AM, Sumit Bose wrote:
> On Thu, Mar 06, 2014 at 07:39:15AM -0500, Bret Wortman wrote:
>> Strange behavior now with our passwords (and we still haven't solved
>> our problem with the "ipa" command, but at least with script, we
>> have a workaround):
>>
>> I noticed yesterday morning that my password, which has the
>> following policy, was going to expire in 3 days so I changed it.
>>
>> Max lifetime (days) : 0
> I think the behaviour is expected with this maximal lifetime.
>
> bye,
> Sumit
>
>> Min lifetime (hours) : 0
>> History size (number of passwords): 0
>> Character classes: 2
>> Min length: 8
>> Max failures: 4
>> Failure reset interval (seconds): 60
>> Lockout duration (seconds): 60
>>
>> The IPA web UI immediately began reporting in red that "Your
>> password expires in -1 days."
>>
>> This morning, I ran "kinit":
>>
>> $ kinit
>> Password for bretw at DAMASCUSGRP.COM:
>> Password expired.  You must change it now.
>> Enter new password:
>> Enter it again:
>> Warning: Your password wille xpire in less than one hour on Thu 06
>> Mar 2014 06:45:48 AM EST
>> $
>>
>> What's up? I'd like to solve this before it bites any of my users,
>> though most have a policy that looks more like this:
>>
>> Max lifetime (days) : 180
>> Min lifetime (hours) : 1
>> History size (number of passwords): 0
>> Character classes: 2
>> Min length: 8
>> Max failures: 6
>> Failure reset interval (seconds): 60
>> Lockout duration (seconds): 600
>>
>>
>> -- 
>> *Bret Wortman*
>>
>> http://damascusgrp.com/
>> http://about.me/wortmanbret
>>
>
>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3766 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140306/1fd4d1e0/attachment.p7s>

More information about the Freeipa-users mailing list