On 03/06/2014 07:55 AM, Sumit Bose wrote:
On Thu, Mar 06, 2014 at 07:39:15AM -0500, Bret Wortman wrote:Strange behavior now with our passwords (and we still haven't solved our problem with the "ipa" command, but at least with script, we have a workaround):I noticed yesterday morning that my password, which has the following policy, was going to expire in 3 days so I changed it. Max lifetime (days) : 0I think the behaviour is expected with this maximal lifetime. bye, SumitMin lifetime (hours) : 0 History size (number of passwords): 0 Character classes: 2 Min length: 8 Max failures: 4 Failure reset interval (seconds): 60 Lockout duration (seconds): 60 The IPA web UI immediately began reporting in red that "Your password expires in -1 days." This morning, I ran "kinit": $ kinit Password for br...@damascusgrp.com: Password expired. You must change it now. Enter new password: Enter it again: Warning: Your password wille xpire in less than one hour on Thu 06 Mar 2014 06:45:48 AM EST $ What's up? I'd like to solve this before it bites any of my users, though most have a policy that looks more like this: Max lifetime (days) : 180 Min lifetime (hours) : 1 History size (number of passwords): 0 Character classes: 2 Min length: 8 Max failures: 6 Failure reset interval (seconds): 60 Lockout duration (seconds): 600 -- *Bret Wortman* http://damascusgrp.com/ http://about.me/wortmanbret_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users