On Thu, Mar 06, 2014 at 07:39:15AM -0500, Bret Wortman wrote: > Strange behavior now with our passwords (and we still haven't solved > our problem with the "ipa" command, but at least with script, we > have a workaround): > > I noticed yesterday morning that my password, which has the > following policy, was going to expire in 3 days so I changed it. > > Max lifetime (days) : 0
I think the behaviour is expected with this maximal lifetime. bye, Sumit > Min lifetime (hours) : 0 > History size (number of passwords): 0 > Character classes: 2 > Min length: 8 > Max failures: 4 > Failure reset interval (seconds): 60 > Lockout duration (seconds): 60 > > The IPA web UI immediately began reporting in red that "Your > password expires in -1 days." > > This morning, I ran "kinit": > > $ kinit > Password for [email protected]: > Password expired. You must change it now. > Enter new password: > Enter it again: > Warning: Your password wille xpire in less than one hour on Thu 06 > Mar 2014 06:45:48 AM EST > $ > > What's up? I'd like to solve this before it bites any of my users, > though most have a policy that looks more like this: > > Max lifetime (days) : 180 > Min lifetime (hours) : 1 > History size (number of passwords): 0 > Character classes: 2 > Min length: 8 > Max failures: 6 > Failure reset interval (seconds): 60 > Lockout duration (seconds): 600 > > > -- > *Bret Wortman* > > http://damascusgrp.com/ > http://about.me/wortmanbret > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
