For existing accounts, I can run "kadmin: modprinc -policy userpolicy oldprinc" Why do I have to run this command "kadmin: modprinc -expire "180 days" oldprinc", if the policy is already applied?
-----Original Message----- From: Greg Hudson [mailto:ghud...@mit.edu] Sent: Monday, March 28, 2016 5:05 PM To: Ramaiah, Vanna G.; kerberos@mit.edu Subject: Re: How to expire passwords for Kerberos user accounts On 03/28/2016 05:00 PM, Ramaiah, Vanna G. wrote: > Thank you. How to exclude service accounts from this password expiration? I > guess, If I don't run the command "kadmin: modprinc -policy userpolicy > oldprinc" for service accounts and create a policy with name other than > default, service accounts will remain untouched. Is that correct? Yes, that's correct. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos