I have to change my pwd first to update the expiration date after your
fix:
root@tjener:~# kadmin.local -q "modpol -maxlife 0secs users"
Authenticating as principal root/admin@INTERN with password.
root@tjener:~# echo getprinc berham |kadmin.local |grep -i passw
Authenticating as principal
It is not a bug,
it is a feature of kerberos, I think.
Regards
Giorgio
On Sun, Mar 25, 2012 at 12:24:33PM +0200, Bernhard Hammes wrote:
I have to change my pwd first to update the expiration date after your
fix:
root@tjener:~# kadmin.local -q "modpol -maxlife 0secs users"
Authenticating as
On Tue, Mar 20, 2012 at 10:47:40PM +0100, Andreas B. Mundt wrote:
On Tue, Mar 20, 2012 at 10:00:43PM +0100, Petter Reinholdtsen wrote:
[Andreas B. Mundt]
Just remove the -maxlife option completely. Use something like:
kadmin.local -q "add_policy -minlength 4 -minclasses 2 user"
[Wolfgang Schweer]
Yes, in other words the default value seems to be 0.
So one could set it back to the default by executing
kadmin.local -q "modpol -maxlife 0secs users"
New user accounts should then have: Password expiration date: [none]
It even affected old users:
root@tjener:~#
[Petter Reinholdtsen]
So one could set it back to the default by executing
kadmin.local -q "modpol -maxlife 0secs users"
New user accounts should then have: Password expiration date: [none]
It even affected old users:
Gah, my mistake. pere was the first user, which is not affected by
On Sat, Mar 24, 2012 at 04:02:59PM +0100, Petter Reinholdtsen wrote:
[Petter Reinholdtsen]
So one could set it back to the default by executing
kadmin.local -q "modpol -maxlife 0secs users"
New user accounts should then have: Password expiration date: [none]
It even affected old
[Wolfgang Schweer]
Please check this script.
Seems to work fine on my test server, but I propose a slightly more
efficient grep line and a bit more robust handling of the first user.
Also propose to add more information in the comment to have an idea
four years from now that the script is
On Tue, Mar 20, 2012 at 10:00:43PM +0100, Petter Reinholdtsen wrote:
[Andreas B. Mundt]
Hi,
Hi.
Just remove the -maxlife option completely. Use something like:
kadmin.local -q "add_policy -minlength 4 -minclasses 2 user"
The default policy I think is 1year, but I'm not sure of
Hi all,
On Wed 21 Mar 2012 07:15:17 CET Giorgio Pioda wrote:
On Tue, Mar 20, 2012 at 10:00:43PM +0100, Petter Reinholdtsen wrote:
[Andreas B. Mundt]
Hi,
Hi.
Just remove the -maxlife option completely. Use something like:
kadmin.local -q "add_policy -minlength 4 -minclasses 2 user"
-03-19, Mike Gabriel mike.gabr...@das-netzwerkteam.de wrote:
From: Mike Gabriel mike.gabr...@das-netzwerkteam.de
Subject: Re: Bug#664596: User seems to missing ability to login via ssh/console
after some days
To: debian-edu@lists.debian.org
Date: Monday 19 March 2012 23:20
Hi Alf,
On Mon 19 Mar
-03-19, Mike Gabriel
mike.gabr...@das-netzwerkteam.de wrote:
From: Mike Gabriel mike.gabr...@das-netzwerkteam.de
Subject: Re: Bug#664596: User seems to missing ability to login via
ssh/console after some days
To: debian-edu@lists.debian.org
Date: Monday 19 March 2012 23:20
Hi Alf,
On Mon
[Alf Tonny Bätz]
Am trying to find out more about this, and will give out more info
as I find it
Can you try the following while logged in as the problematic user,
before and after the problem occurs.
LDAP bind password checking:
ldapwhoami -Z -W -D $(ldapsearch -x (uid=$(whoami))|awk
I was able to sit down with Alf Tonny and look at this issue, and we
believe we figured out the problem. The Kerberos passwords are set in
policy to expire after two days (172800 seconds). To see if this is
the case for your user(s), use this (replace ldapuser with one of your
local users):
[Petter Reinholdtsen]
Anyone got any ideas how to properly fix this?
I suspect this patch will solve it for first time installations. We
need to figure out how to fix it for existing installations too.
Index: share/debian-edu-config/tools/kerberos-kdc-init
In my experience with kerberos updating the policies
will NOT affect directly the principals. First
you have to change the policies and then reset passwords with cpw.
Cheers
Giorgio
On Tue, Mar 20, 2012 at 08:39:29PM +0100, Petter Reinholdtsen wrote:
I was able to sit down with Alf Tonny and
Hi,
On Tue, Mar 20, 2012 at 09:04:54PM +0100, Petter Reinholdtsen wrote:
[Petter Reinholdtsen]
Anyone got any ideas how to properly fix this?
Just remove the -maxlife option completely. Use something like:
kadmin.local -q "add_policy -minlength 4 -minclasses 2 user"
Regards,
[Andreas B. Mundt]
Hi,
Hi.
Just remove the -maxlife option completely. Use something like:
kadmin.local -q "add_policy -minlength 4 -minclasses 2 user"
What is the default value when -maxlife is not used?
--
Happy hacking
Petter Reinholdtsen
[George]
Hi,
Hi.
I also try to log in to thinclient using ssh from server. I get the
question about saving the key and then it asks for a password. I log
in as the user I created when installing skolelinux, and I even tried
as another user created via GOsa. The only answer I get back from
On Tue, Mar 20, 2012 at 10:00:43PM +0100, Petter Reinholdtsen wrote:
[Andreas B. Mundt]
Just remove the -maxlife option completely. Use something like:
kadmin.local -q "add_policy -minlength 4 -minclasses 2 user"
What is the default value when -maxlife is not used?
--
I use a
Forwarded message, as I forgot to cc the debian-edu list:
On Tue, Mar 20, 2012 at 10:00:43PM +0100, Petter Reinholdtsen wrote:
[Andreas B. Mundt]
Just remove the -maxlife option completely. Use something like:
kadmin.local -q "add_policy -minlength 4 -minclasses 2 user"
What is the
package: debian-edu-config
severity: minor
version: squeeze
Have come across a problem where a user can't log in with ssh after some days.
The user's password works in gosa, and the only way to activate login with
ssh again is to change the password, and login with ssh works again
for some days.
Hi Alf,
On Mon 19 Mar 2012 09:24:51 CET Alf Tonny Bätz wrote:
package: debian-edu-config
severity: minor
version: squeeze
Have come across a problem where a user can't log in with ssh
after some days.
The user's password works in gosa, and the only way to activate login with
ssh again is to