[Freeipa-users] Password issues

Bret Wortman bret.wortman at damascusgrp.com
Thu Mar 6 13:10:07 UTC 2014 

Just found with some fresh Googling an email from Rob recommending 
setting the max to 5000. I'll try that.


On 03/06/2014 08:08 AM, Bret Wortman wrote:
> Is there a way to set a password to not expire? I thought I read 
> somewhere that 0 did that, but apparently not.
>
> On 03/06/2014 07:55 AM, Sumit Bose wrote:
>> On Thu, Mar 06, 2014 at 07:39:15AM -0500, Bret Wortman wrote:
>>> Strange behavior now with our passwords (and we still haven't solved
>>> our problem with the "ipa" command, but at least with script, we
>>> have a workaround):
>>>
>>> I noticed yesterday morning that my password, which has the
>>> following policy, was going to expire in 3 days so I changed it.
>>>
>>> Max lifetime (days) : 0
>> I think the behaviour is expected with this maximal lifetime.
>>
>> bye,
>> Sumit
>>
>>> Min lifetime (hours) : 0
>>> History size (number of passwords): 0
>>> Character classes: 2
>>> Min length: 8
>>> Max failures: 4
>>> Failure reset interval (seconds): 60
>>> Lockout duration (seconds): 60
>>>
>>> The IPA web UI immediately began reporting in red that "Your
>>> password expires in -1 days."
>>>
>>> This morning, I ran "kinit":
>>>
>>> $ kinit
>>> Password for bretw at DAMASCUSGRP.COM:
>>> Password expired.  You must change it now.
>>> Enter new password:
>>> Enter it again:
>>> Warning: Your password wille xpire in less than one hour on Thu 06
>>> Mar 2014 06:45:48 AM EST
>>> $
>>>
>>> What's up? I'd like to solve this before it bites any of my users,
>>> though most have a policy that looks more like this:
>>>
>>> Max lifetime (days) : 180
>>> Min lifetime (hours) : 1
>>> History size (number of passwords): 0
>>> Character classes: 2
>>> Min length: 8
>>> Max failures: 6
>>> Failure reset interval (seconds): 60
>>> Lockout duration (seconds): 600
>>>
>>>
>>> -- 
>>> *Bret Wortman*
>>>
>>> http://damascusgrp.com/
>>> http://about.me/wortmanbret
>>>
>>
>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140306/f5d53afe/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3766 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140306/f5d53afe/attachment.p7s>

More information about the Freeipa-users mailing list