[Freeipa-users] Max life set 0 already but still promot admin rese tpassword every 3 months
Dmitri Pal
dpal at redhat.com
Fri Sep 12 11:18:29 UTC 2014
On 09/12/2014 07:13 AM, Dmitri Pal wrote:
> On 09/12/2014 12:13 AM, barrykfl at gmail.com wrote:
>> Hi:
>>
>> i set max life no expiry already but still pomt reset password every
>> 3 month
>>
>> any idea to disable it ??? what happening
>>
>> Regards
>>
>>
>>
> Where/how did you set it and what version do you run?
AFAIR the recommendation to set it to beginning of the last year of the
32 bit time epoch.
"The original implementation of the Unix operating system stored system
time as a 32-bit signed integer representing the number of seconds past
the Unix epoch: midnight UTC, 1 January 1970. This value will roll over
on *19 January 2038*."
Kerberos still uses 32 time. So set it to Jan 1 2038. It is the best
approximation of "never".
I think if you set it to 0 it assumes the default which is 90 days.
HTH
Dmitri
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140912/7ca8f5e5/attachment.htm>
More information about the Freeipa-users
mailing list