Just found with some fresh Googling an email from Rob recommending setting the max to 5000. I'll try that.


On 03/06/2014 08:08 AM, Bret Wortman wrote:
Is there a way to set a password to not expire? I thought I read somewhere that 0 did that, but apparently not.

On 03/06/2014 07:55 AM, Sumit Bose wrote:
On Thu, Mar 06, 2014 at 07:39:15AM -0500, Bret Wortman wrote:
Strange behavior now with our passwords (and we still haven't solved
our problem with the "ipa" command, but at least with script, we
have a workaround):

I noticed yesterday morning that my password, which has the
following policy, was going to expire in 3 days so I changed it.

Max lifetime (days) : 0
I think the behaviour is expected with this maximal lifetime.

bye,
Sumit

Min lifetime (hours) : 0
History size (number of passwords): 0
Character classes: 2
Min length: 8
Max failures: 4
Failure reset interval (seconds): 60
Lockout duration (seconds): 60

The IPA web UI immediately began reporting in red that "Your
password expires in -1 days."

This morning, I ran "kinit":

$ kinit
Password for br...@damascusgrp.com:
Password expired.  You must change it now.
Enter new password:
Enter it again:
Warning: Your password wille xpire in less than one hour on Thu 06
Mar 2014 06:45:48 AM EST
$

What's up? I'd like to solve this before it bites any of my users,
though most have a policy that looks more like this:

Max lifetime (days) : 180
Min lifetime (hours) : 1
History size (number of passwords): 0
Character classes: 2
Min length: 8
Max failures: 6
Failure reset interval (seconds): 60
Lockout duration (seconds): 600


--
*Bret Wortman*

http://damascusgrp.com/
http://about.me/wortmanbret



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users




_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to