[Freeipa-users] Max life set 0 already but still promot admin rese tpassword every 3 months
Martin Kosek
mkosek at redhat.com
Fri Sep 12 12:55:46 UTC 2014
On 09/12/2014 01:22 PM, Petr Spacek wrote:
> On 12.9.2014 13:18, Dmitri Pal wrote:
>> On 09/12/2014 07:13 AM, Dmitri Pal wrote:
>>> On 09/12/2014 12:13 AM, barrykfl at gmail.com wrote:
>>>> Hi:
>>>>
>>>> i set max life no expiry already but still pomt reset password every 3 month
>>>>
>>>> any idea to disable it ??? what happening
>>>>
>>>> Regards
>>>>
>>>>
>>>>
>>> Where/how did you set it and what version do you run?
>>
>> AFAIR the recommendation to set it to beginning of the last year of the 32 bit
>> time epoch.
>> "The original implementation of the Unix operating system stored system time
>> as a 32-bit signed integer representing the number of seconds past the Unix
>> epoch: midnight UTC, 1 January 1970. This value will roll over on *19 January
>> 2038*."
>>
>> Kerberos still uses 32 time. So set it to Jan 1 2038. It is the best
>> approximation of "never".
>> I think if you set it to 0 it assumes the default which is 90 days.
>
> This sounds like matter for a small improvement ticket. It could at least print
> warning that "0 = default = 90 days".
>
We have that RFE ticket filed already:
https://fedorahosted.org/freeipa/ticket/2795
Please add yourself to CC to show interest in the change + get updates (or even
send a patch! :-)
Martin
More information about the Freeipa-users
mailing list