Strange behavior now with our passwords (and we still haven't solved our problem with the "ipa" command, but at least with script, we have a workaround):

I noticed yesterday morning that my password, which has the following policy, was going to expire in 3 days so I changed it.

Max lifetime (days) : 0
Min lifetime (hours) : 0
History size (number of passwords): 0
Character classes: 2
Min length: 8
Max failures: 4
Failure reset interval (seconds): 60
Lockout duration (seconds): 60

The IPA web UI immediately began reporting in red that "Your password expires in -1 days."

This morning, I ran "kinit":

$ kinit
Password for br...@damascusgrp.com:
Password expired.  You must change it now.
Enter new password:
Enter it again:
Warning: Your password wille xpire in less than one hour on Thu 06 Mar 2014 06:45:48 AM EST
$

What's up? I'd like to solve this before it bites any of my users, though most have a policy that looks more like this:

Max lifetime (days) : 180
Min lifetime (hours) : 1
History size (number of passwords): 0
Character classes: 2
Min length: 8
Max failures: 6
Failure reset interval (seconds): 60
Lockout duration (seconds): 600


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to