[31366] in Kerberos
Re: Password expiration problem
daemon@ATHENA.MIT.EDU (Tom Yu)
Wed Aug 12 11:11:26 2009
To: jblaine@kickflop.net
From: Tom Yu <tlyu@mit.edu>
Date: Wed, 12 Aug 2009 11:10:53 -0400
In-Reply-To: <1f115fbfc0793e0f6813eaee5ffd20c5.squirrel@webmail.kickflop.net>
(jblaine@kickflop.net's message of "Wed,
12 Aug 2009 08:01:31 -0700")
Message-ID: <ldvk5192hky.fsf@cathode-dark-space.mit.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
jblaine@kickflop.net writes:
> I'm confused about password expiration. We have users
> who are getting their future password expiration date set
> to 14 days from the last time they changed it. What are
> we doing wrong?
>
> This is MIT Kerberos 1.6.x
>
> kadmin: getprinc gut
> Principal: gut@FOO.COM
> Expiration date: [never]
> Last password change: Mon Aug 10 15:25:44 EDT 2009
> Password expiration date: Mon Aug 24 15:25:44 EDT 2009
> Maximum ticket life: 7 days 00:00:00
> Maximum renewable life: 14 days 00:00:00
> Last modified: Mon Aug 10 15:25:44 EDT 2009 (kadmind@FOO.COM)
> Last successful authentication: [never]
> Last failed authentication: [never]
> Failed password attempts: 0
> Number of keys: 2
> Key: vno 7, Triple DES cbc mode with HMAC/sha1, no salt
> Key: vno 7, DES cbc mode with CRC-32, no salt
> Attributes:
> Policy: RCFUsers
>
> kadmin: getpol RCFUsers
> Policy: RCFUsers
> Maximum password life: 1209600
= 60 * 60 * 24 * 14
It looks to me like it's doing exactly as you asked it to, unless I'm
misunderstanding your question.
> Minimum password life: 0
> Minimum password length: 6
> Minimum number of password character classes: 2
> Number of old keys kept: 1
> Reference count: 130
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
