[32810] in Kerberos
Re: password expiration field set to none after password change
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Oct 13 13:46:43 2010
From: Greg Hudson <ghudson@mit.edu>
To: peter sands <peter_sands@techemail.com>
In-Reply-To: <5e92bd94-01c0-4d9e-9034-03ff51cada2c@y3g2000vbm.googlegroups.com>
Date: Wed, 13 Oct 2010 13:46:35 -0400
Message-ID: <1286991995.19112.355.camel@ray>
Mime-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Wed, 2010-10-13 at 11:23 -0400, peter sands wrote:
> I have a script that goes round and changes the expiration for another
> 30 days, so that's OK. But is there a way the value for password
> expiration can be constant and not reset.
Create a password policy, set its maxlife parameter, and associate that
policy with the user principals (perhaps with a script). Example:
addpol -maxlife "30 days" users
modprinc -policy users user1
Or, if you already have a password policy for user principals, just use
something like:
modpol -maxlife "30 days" policyname
> (using aix nas/kerberos 5)
I think the functionality I've described has been in MIT krb5 for a long
time, and thus should be present in the version you're using, but I
can't be certain.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
