KodaK wrote:
I have a need to have certain mission critical application accounts
non-expiring (people don't log in directly, but if the accounts expire
it could stop production jobs.)
I've set "Max lifetime (days)" to 99999 in the web interface, but
here's what I see when I do "ipa pwpolicy show":
Group: application-accounts
Max lifetime (days): 8639913600
Min lifetime (hours): 0
History size: 0
Character classes: 3
Min length: 8
Priority: 0
Max failures: 0
Failure reset interval: 0
Lockout duration: 0
I have a user that is a member of the application-accounts group and
they reset their password yesterday, but their password is set to
expire in three months:
krbpasswordexpiration: 20130423220808Z
krbpwdpolicyreference: cn=application-accounts
Have I hit some maximum and I'm confusing IPA? Or do I completely
misunderstand these entries?
I also have a case open with RH on this, but I haven't heard anything
back yet. If I get this solved through them I'll be sure to reply
with results.
It is a 32-bit time problem.
I'd set the maxlife no higher than 5000 for now.
rob
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users