On Wed, Dec 4, 2013 at 12:05 PM, Martin Kosek <mko...@redhat.com> wrote:
> On 12/04/2013 11:53 AM, Natxo Asenjo wrote:
>> On Wed, Dec 4, 2013 at 11:44 AM, Natxo Asenjo <natxo.ase...@gmail.com> wrote:
>>> On Wed, Dec 4, 2013 at 10:59 AM, Исаев Виталий Анатольевич
>>> <is...@fintech.ru> wrote:
>> To change a value:
>> $ ipa pwpolicy-mod global_policy --lockouttime=INT
>>
>> (where INT is the number of seconds you want the lock to be
>> implemented, set it to a huge number, like 946080000 in practice 30 (
>> 3600 secs * 24 hours * 365 days * 30 years ) years is like a life
>> sentence ;-) - the accounts).
>>
>
> Right, though I am not sure if it would not hit Kerberos limitation for too
> large timestamps.
>
> Alternatively, you can set the Lockout Duration to 0, this should lock out the
> account permanently after the number of tries was breached.

Cool, is that documented? I could not find it in ipa help pwpolicy-mod.