On Tue, 2011-03-22 at 10:33 -0400, Claudio Prono wrote: > I have the users already working, but now how i can set a password > expiration policy?
In MIT krb5 you'd do it like this: 1. Run kadmin or kadmin.local 2. Create a password policy with 'addpol -maxlife "90 days" polname', where polname can be any name you want. You can make further changes to the policy with the modpol command. 3. Associate the policy with the users with 'modprinc -policy polname userprinc', for each user principal. 4. The next time the users change passwords, they will get a 90-day expiry time. 5. You can set a one-time expiration for a user's current password with 'modprinc -pwexpire "90 days" userprinc'. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
