Re: [Freeipa-users] Max life set 0 already but still promot admin rese tpassword every 3 months
On 09/12/2014 12:13 AM, barry...@gmail.com wrote: Hi: i set max life no expiry already but still pomt reset password every 3 month any idea to disable it ??? what happening Regards Where/how did you set it and what version do you run? -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] Max life set 0 already but still promot admin rese tpassword every 3 months
On 09/12/2014 07:13 AM, Dmitri Pal wrote: On 09/12/2014 12:13 AM, barry...@gmail.com wrote: Hi: i set max life no expiry already but still pomt reset password every 3 month any idea to disable it ??? what happening Regards Where/how did you set it and what version do you run? AFAIR the recommendation to set it to beginning of the last year of the 32 bit time epoch. The original implementation of the Unix operating system stored system time as a 32-bit signed integer representing the number of seconds past the Unix epoch: midnight UTC, 1 January 1970. This value will roll over on *19 January 2038*. Kerberos still uses 32 time. So set it to Jan 1 2038. It is the best approximation of never. I think if you set it to 0 it assumes the default which is 90 days. HTH Dmitri -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] Max life set 0 already but still promot admin rese tpassword every 3 months
On 12.9.2014 13:18, Dmitri Pal wrote: On 09/12/2014 07:13 AM, Dmitri Pal wrote: On 09/12/2014 12:13 AM, barry...@gmail.com wrote: Hi: i set max life no expiry already but still pomt reset password every 3 month any idea to disable it ??? what happening Regards Where/how did you set it and what version do you run? AFAIR the recommendation to set it to beginning of the last year of the 32 bit time epoch. The original implementation of the Unix operating system stored system time as a 32-bit signed integer representing the number of seconds past the Unix epoch: midnight UTC, 1 January 1970. This value will roll over on *19 January 2038*. Kerberos still uses 32 time. So set it to Jan 1 2038. It is the best approximation of never. I think if you set it to 0 it assumes the default which is 90 days. This sounds like matter for a small improvement ticket. It could at least print warning that 0 = default = 90 days. -- Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] Max life set 0 already but still promot admin rese tpassword every 3 months
On 09/12/2014 01:22 PM, Petr Spacek wrote: On 12.9.2014 13:18, Dmitri Pal wrote: On 09/12/2014 07:13 AM, Dmitri Pal wrote: On 09/12/2014 12:13 AM, barry...@gmail.com wrote: Hi: i set max life no expiry already but still pomt reset password every 3 month any idea to disable it ??? what happening Regards Where/how did you set it and what version do you run? AFAIR the recommendation to set it to beginning of the last year of the 32 bit time epoch. The original implementation of the Unix operating system stored system time as a 32-bit signed integer representing the number of seconds past the Unix epoch: midnight UTC, 1 January 1970. This value will roll over on *19 January 2038*. Kerberos still uses 32 time. So set it to Jan 1 2038. It is the best approximation of never. I think if you set it to 0 it assumes the default which is 90 days. This sounds like matter for a small improvement ticket. It could at least print warning that 0 = default = 90 days. We have that RFE ticket filed already: https://fedorahosted.org/freeipa/ticket/2795 Please add yourself to CC to show interest in the change + get updates (or even send a patch! :-) Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
[Freeipa-users] Max life set 0 already but still promot admin rese tpassword every 3 months
Hi: i set max life no expiry already but still pomt reset password every 3 month any idea to disable it ??? what happening Regards -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project