On 01/24/2013 11:17 PM, KodaK wrote:
On Thu, Jan 24, 2013 at 4:03 PM, Rob Crittenden <rcrit...@redhat.com> wrote:
It is a 32-bit time problem.

I'd set the maxlife no higher than 5000 for now.

Thanks.  Is there a way to apply this policy retroactively without
requiring my users to reset passwords?

A calender will be shown to choose a date and time for simplicity if you download and use the Apache Directory Studio (http://directory.apache.org/studio/) to edit the krbPasswordExpiration attribute for an user account. It works well.


Freeipa-users mailing list

Reply via email to