On 12.9.2014 13:18, Dmitri Pal wrote:
On 09/12/2014 07:13 AM, Dmitri Pal wrote:
On 09/12/2014 12:13 AM, barry...@gmail.com wrote:
Hi:

i set max life no expiry already but still pomt reset password every 3 month

any idea to disable it ??? what happening

Regards



Where/how did you set it and what version do you run?

AFAIR the recommendation to set it to beginning of the last year of the 32 bit
time epoch.
"The original implementation of the Unix operating system stored system time
as a 32-bit signed integer representing the number of seconds past the Unix
epoch: midnight UTC, 1 January 1970. This value will roll over on *19 January
2038*."

Kerberos still uses 32 time. So set it to Jan 1 2038. It is the best
approximation of "never".
I think if you set it to 0 it assumes the default which is 90 days.

This sounds like matter for a small improvement ticket. It could at least print warning that "0 = default = 90 days".

--
Petr^2 Spacek

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to