[31367] in Kerberos
Re: Password expiration problem
daemon@ATHENA.MIT.EDU (jblaine@kickflop.net)
Wed Aug 12 13:53:07 2009
Message-ID: <5536b1bc53d6009b7148eb14208188dd.squirrel@webmail.kickflop.net>
In-Reply-To: <ldvk5192hky.fsf@cathode-dark-space.mit.edu>
Date: Wed, 12 Aug 2009 10:52:31 -0700
From: jblaine@kickflop.net
To: "Tom Yu" <tlyu@mit.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Oops. Thanks Tom.
> jblaine@kickflop.net writes:
>
>> I'm confused about password expiration. We have users
>> who are getting their future password expiration date set
>> to 14 days from the last time they changed it. What are
>> we doing wrong?
>>
>> This is MIT Kerberos 1.6.x
>>
>> kadmin: getprinc gut
>> Principal: gut@FOO.COM
>> Expiration date: [never]
>> Last password change: Mon Aug 10 15:25:44 EDT 2009
>> Password expiration date: Mon Aug 24 15:25:44 EDT 2009
>> Maximum ticket life: 7 days 00:00:00
>> Maximum renewable life: 14 days 00:00:00
>> Last modified: Mon Aug 10 15:25:44 EDT 2009 (kadmind@FOO.COM)
>> Last successful authentication: [never]
>> Last failed authentication: [never]
>> Failed password attempts: 0
>> Number of keys: 2
>> Key: vno 7, Triple DES cbc mode with HMAC/sha1, no salt
>> Key: vno 7, DES cbc mode with CRC-32, no salt
>> Attributes:
>> Policy: RCFUsers
>>
>> kadmin: getpol RCFUsers
>> Policy: RCFUsers
>> Maximum password life: 1209600
>
> = 60 * 60 * 24 * 14
>
> It looks to me like it's doing exactly as you asked it to, unless I'm
> misunderstanding your question.
>
>> Minimum password life: 0
>> Minimum password length: 6
>> Minimum number of password character classes: 2
>> Number of old keys kept: 1
>> Reference count: 130
>
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
