On Thu, Mar 06, 2014 at 07:39:15AM -0500, Bret Wortman wrote:
> Strange behavior now with our passwords (and we still haven't solved
> our problem with the "ipa" command, but at least with script, we
> have a workaround):
> 
> I noticed yesterday morning that my password, which has the
> following policy, was going to expire in 3 days so I changed it.
> 
> Max lifetime (days) : 0

I think the behaviour is expected with this maximal lifetime.

bye,
Sumit

> Min lifetime (hours) : 0
> History size (number of passwords): 0
> Character classes: 2
> Min length: 8
> Max failures: 4
> Failure reset interval (seconds): 60
> Lockout duration (seconds): 60
> 
> The IPA web UI immediately began reporting in red that "Your
> password expires in -1 days."
> 
> This morning, I ran "kinit":
> 
> $ kinit
> Password for br...@damascusgrp.com:
> Password expired.  You must change it now.
> Enter new password:
> Enter it again:
> Warning: Your password wille xpire in less than one hour on Thu 06
> Mar 2014 06:45:48 AM EST
> $
> 
> What's up? I'd like to solve this before it bites any of my users,
> though most have a policy that looks more like this:
> 
> Max lifetime (days) : 180
> Min lifetime (hours) : 1
> History size (number of passwords): 0
> Character classes: 2
> Min length: 8
> Max failures: 6
> Failure reset interval (seconds): 60
> Lockout duration (seconds): 600
> 
> 
> -- 
> *Bret Wortman*
> 
> http://damascusgrp.com/
> http://about.me/wortmanbret
> 



> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to