password expiration field set to none after password change
Greg Hudson
ghudson at MIT.EDU
Wed Oct 13 13:46:35 EDT 2010
On Wed, 2010-10-13 at 11:23 -0400, peter sands wrote:
> I have a script that goes round and changes the expiration for another
> 30 days, so that's OK. But is there a way the value for password
> expiration can be constant and not reset.
Create a password policy, set its maxlife parameter, and associate that
policy with the user principals (perhaps with a script). Example:
addpol -maxlife "30 days" users
modprinc -policy users user1
Or, if you already have a password policy for user principals, just use
something like:
modpol -maxlife "30 days" policyname
> (using aix nas/kerberos 5)
I think the functionality I've described has been in MIT krb5 for a long
time, and thus should be present in the version you're using, but I
can't be certain.
More information about the Kerberos
mailing list