[37457] in Kerberos
RE: How to expire passwords for Kerberos user accounts
daemon@ATHENA.MIT.EDU (Ramaiah, Vanna G.)
Mon Mar 28 17:08:34 2016
From: "Ramaiah, Vanna G." <ramaiah@musc.edu>
To: Greg Hudson <ghudson@mit.edu>, "kerberos@mit.edu" <kerberos@mit.edu>
Date: Mon, 28 Mar 2016 21:08:13 +0000
Message-ID: <AE3FEB1BD25D22479E9F293EBBF869B9F656A000@exg-mb11b.clinlan.local>
In-Reply-To: <56F99C81.1030708@mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
For existing accounts, I can run "kadmin: modprinc -policy userpolicy oldprinc"
Why do I have to run this command "kadmin: modprinc -expire "180 days" oldprinc", if the policy is already applied?
-----Original Message-----
From: Greg Hudson [mailto:ghudson@mit.edu]
Sent: Monday, March 28, 2016 5:05 PM
To: Ramaiah, Vanna G.; kerberos@mit.edu
Subject: Re: How to expire passwords for Kerberos user accounts
On 03/28/2016 05:00 PM, Ramaiah, Vanna G. wrote:
> Thank you. How to exclude service accounts from this password expiration? I guess, If I don't run the command "kadmin: modprinc -policy userpolicy oldprinc" for service accounts and create a policy with name other than default, service accounts will remain untouched. Is that correct?
Yes, that's correct.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
