<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <div class="moz-cite-prefix">On 09/12/2014 07:13 AM, Dmitri Pal wrote:<br> </div> <blockquote cite="mid:5412D569.1010006@redhat.com" type="cite"> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> <div class="moz-cite-prefix">On 09/12/2014 12:13 AM, <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:barrykfl@gmail.com">barrykfl@gmail.com</a> wrote:<br> </div> <blockquote cite="mid:CAELz9due-+BzN3L7d-JBoV0gJZaqVFGDK-djbZT7MPwQPJWNew@mail.gmail.com" type="cite"> <div dir="ltr"> <div>Hi:</div> <div><br> </div> <div>i set max life no expiry already but still pomt reset password every 3 month </div> <div><br> </div> <div>any idea to disable it ??? what happening</div> <div><br> </div> <div>Regards</div> <div><br> </div> </div> <br> <fieldset class="mimeAttachmentHeader"></fieldset> <br> </blockquote> Where/how did you set it and what version do you run?<br> </blockquote> <br> AFAIR the recommendation to set it to beginning of the last year of the 32 bit time epoch.<br> "The original implementation of the Unix operating system stored system time as a 32-bit signed integer representing the number of seconds past the Unix epoch: midnight UTC, 1 January 1970. This value will roll over on <b>19 January 2038</b>."<br> <br> Kerberos still uses 32 time. So set it to Jan 1 2038. It is the best approximation of "never".<br> I think if you set it to 0 it assumes the default which is 90 days.<br> <br> HTH<br> Dmitri<br> <br> <blockquote cite="mid:5412D569.1010006@redhat.com" type="cite"> <br> <pre class="moz-signature" cols="72">-- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc.</pre> <br> <fieldset class="mimeAttachmentHeader"></fieldset> <br> </blockquote> <br> <br> <pre class="moz-signature" cols="72">-- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc.</pre> </body> </html>