On 09/12/2014 01:22 PM, Petr Spacek wrote:
On 12.9.2014 13:18, Dmitri Pal wrote:
On 09/12/2014 07:13 AM, Dmitri Pal wrote:
On 09/12/2014 12:13 AM, barry...@gmail.com wrote:

i set max life no expiry already but still pomt reset password every 3 month

any idea to disable it ??? what happening


Where/how did you set it and what version do you run?

AFAIR the recommendation to set it to beginning of the last year of the 32 bit
time epoch.
"The original implementation of the Unix operating system stored system time
as a 32-bit signed integer representing the number of seconds past the Unix
epoch: midnight UTC, 1 January 1970. This value will roll over on *19 January

Kerberos still uses 32 time. So set it to Jan 1 2038. It is the best
approximation of "never".
I think if you set it to 0 it assumes the default which is 90 days.

This sounds like matter for a small improvement ticket. It could at least print
warning that "0 = default = 90 days".

We have that RFE ticket filed already:


Please add yourself to CC to show interest in the change + get updates (or even send a patch! :-)


Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to