Password expiration problem
Tom Yu
tlyu at MIT.EDU
Wed Aug 12 11:10:53 EDT 2009
jblaine at kickflop.net writes:
> I'm confused about password expiration. We have users
> who are getting their future password expiration date set
> to 14 days from the last time they changed it. What are
> we doing wrong?
>
> This is MIT Kerberos 1.6.x
>
> kadmin: getprinc gut
> Principal: gut at FOO.COM
> Expiration date: [never]
> Last password change: Mon Aug 10 15:25:44 EDT 2009
> Password expiration date: Mon Aug 24 15:25:44 EDT 2009
> Maximum ticket life: 7 days 00:00:00
> Maximum renewable life: 14 days 00:00:00
> Last modified: Mon Aug 10 15:25:44 EDT 2009 (kadmind at FOO.COM)
> Last successful authentication: [never]
> Last failed authentication: [never]
> Failed password attempts: 0
> Number of keys: 2
> Key: vno 7, Triple DES cbc mode with HMAC/sha1, no salt
> Key: vno 7, DES cbc mode with CRC-32, no salt
> Attributes:
> Policy: RCFUsers
>
> kadmin: getpol RCFUsers
> Policy: RCFUsers
> Maximum password life: 1209600
= 60 * 60 * 24 * 14
It looks to me like it's doing exactly as you asked it to, unless I'm
misunderstanding your question.
> Minimum password life: 0
> Minimum password length: 6
> Minimum number of password character classes: 2
> Number of old keys kept: 1
> Reference count: 130
More information about the Kerberos
mailing list