How to expire passwords for Kerberos user accounts

[Greg Hudson]

On 03/28/2016 05:17 PM, Ramaiah, Vanna G. wrote:
> Got it. For the new users, do I have to run  "kadmin: modprinc -expire "180 days" newprinc" or will the pwexpire field be set when the account is created?

As long as you set the policy when you create the new principal
("addprinc -policy userpolicy"), the policy's maximum lifetime will be
applied when the password is first set.