[krbdev.mit.edu #8393] Password Expiration "Never" Inconsistently Applied
Ryan Slominski via RT
rt-comment at krbdev.mit.edu
Mon Apr 18 17:37:20 EDT 2016
If you set password expiration to "never" in a policy the result upon creating a principal with that policy is a password expiration with a value of 0 which is interpreted as the beginning of the epoch (1969). If you set the password expiration to "never" via addprinc / modprinc the result is a value of "none" when queried with getprinc. This is inconsistent.
Smaller related issues include:
1. The inconsistency between flags: -pwexpire for addprinc / modprinc versus -maxlife for addpol / modpol.
2. The inconsistency between -pwexpire input of "never" with getprinc output of "none" (what you get out should be identical to what you put in).
More information about the krb5-bugs
mailing list