[Freeipa-users] Password issues
Dmitri Pal
dpal at redhat.com
Fri Mar 7 01:25:30 UTC 2014
On 03/06/2014 08:10 AM, Bret Wortman wrote:
> Just found with some fresh Googling an email from Rob recommending
> setting the max to 5000. I'll try that.
Just make sure it is not after 2038 because Kerberos uses 32 bit time
that rolls over in Feb of 2038.
>
>
> On 03/06/2014 08:08 AM, Bret Wortman wrote:
>> Is there a way to set a password to not expire? I thought I read
>> somewhere that 0 did that, but apparently not.
>>
>> On 03/06/2014 07:55 AM, Sumit Bose wrote:
>>> On Thu, Mar 06, 2014 at 07:39:15AM -0500, Bret Wortman wrote:
>>>> Strange behavior now with our passwords (and we still haven't solved
>>>> our problem with the "ipa" command, but at least with script, we
>>>> have a workaround):
>>>>
>>>> I noticed yesterday morning that my password, which has the
>>>> following policy, was going to expire in 3 days so I changed it.
>>>>
>>>> Max lifetime (days) : 0
>>> I think the behaviour is expected with this maximal lifetime.
>>>
>>> bye,
>>> Sumit
>>>
>>>> Min lifetime (hours) : 0
>>>> History size (number of passwords): 0
>>>> Character classes: 2
>>>> Min length: 8
>>>> Max failures: 4
>>>> Failure reset interval (seconds): 60
>>>> Lockout duration (seconds): 60
>>>>
>>>> The IPA web UI immediately began reporting in red that "Your
>>>> password expires in -1 days."
>>>>
>>>> This morning, I ran "kinit":
>>>>
>>>> $ kinit
>>>> Password for bretw at DAMASCUSGRP.COM:
>>>> Password expired. You must change it now.
>>>> Enter new password:
>>>> Enter it again:
>>>> Warning: Your password wille xpire in less than one hour on Thu 06
>>>> Mar 2014 06:45:48 AM EST
>>>> $
>>>>
>>>> What's up? I'd like to solve this before it bites any of my users,
>>>> though most have a policy that looks more like this:
>>>>
>>>> Max lifetime (days) : 180
>>>> Min lifetime (hours) : 1
>>>> History size (number of passwords): 0
>>>> Character classes: 2
>>>> Min length: 8
>>>> Max failures: 6
>>>> Failure reset interval (seconds): 60
>>>> Lockout duration (seconds): 600
>>>>
>>>>
>>>> --
>>>> *Bret Wortman*
>>>>
>>>> http://damascusgrp.com/
>>>> http://about.me/wortmanbret
>>>>
>>>
>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140306/542a0838/attachment.htm>
More information about the Freeipa-users
mailing list