RE: How to expire passwords for Kerberos user accounts

2016-03-30 Thread Ramaiah, Vanna G.
st password changed and not the current date? Am I correct?

-Original Message-
From: Greg Hudson [mailto:ghud...@mit.edu]
Sent: Monday, March 28, 2016 4:54 PM
To: Ramaiah, Vanna G.; kerberos@mit.edu
Subject: Re: How to expire passwords for Kerberos user accounts

On 03/28/2016 02:3

Re: How to expire passwords for Kerberos user accounts

2016-03-29 Thread Greg Hudson
On 03/29/2016 03:10 PM, William Clark wrote:
> I believe there is an error in the commands you have given out. If you use
> the -expire switch it sets an expiry date on the principal itself and not the
> principal PW. I believe the switch you need is -pwexpire. Correct me if I
> am wrong, but

Re: How to expire passwords for Kerberos user accounts

2016-03-29 Thread William Clark
I believe there is an error in the commands you have given out. If you use the -expire switch it sets an expiry date on the principal itself and not the principal PW. I believe the switch you need is -pwexpire. Correct me if I am wrong, but I tested with my KDCs and confirmed.

William Clark

Re: How to expire passwords for Kerberos user accounts

2016-03-28 Thread Greg Hudson
On 03/28/2016 05:17 PM, Ramaiah, Vanna G. wrote:
> Got it. For the new users, do I have to run "kadmin: modprinc -expire "180
> days" newprinc" or will the pwexpire field be set when the account is created?

As long as you set the policy when you create the new principal ("addprinc -policy userpo

RE: How to expire passwords for Kerberos user accounts

2016-03-28 Thread Ramaiah, Vanna G.
, Vanna G.; kerberos@mit.edu
Subject: Re: How to expire passwords for Kerberos user accounts

On 03/28/2016 05:08 PM, Ramaiah, Vanna G. wrote:
> For existing accounts, I can run "kadmin: modprinc -policy userpolicy
> oldprinc"
> Why do I have to run this command "kadmin:

Re: How to expire passwords for Kerberos user accounts

2016-03-28 Thread Greg Hudson
On 03/28/2016 05:08 PM, Ramaiah, Vanna G. wrote:
> For existing accounts, I can run "kadmin: modprinc -policy userpolicy
> oldprinc"
> Why do I have to run this command "kadmin: modprinc -expire "180 days"
> oldprinc", if the policy is already applied?

The KDC only pays attention to the pwexpir

RE: How to expire passwords for Kerberos user accounts

2016-03-28 Thread Ramaiah, Vanna G.
t.edu]
Sent: Monday, March 28, 2016 5:05 PM
To: Ramaiah, Vanna G.; kerberos@mit.edu
Subject: Re: How to expire passwords for Kerberos user accounts

On 03/28/2016 05:00 PM, Ramaiah, Vanna G. wrote:
> Thank you. How to exclude service accounts from this password expiration? I
> guess, if I don

Re: How to expire passwords for Kerberos user accounts

2016-03-28 Thread Greg Hudson
On 03/28/2016 05:00 PM, Ramaiah, Vanna G. wrote:
> Thank you. How to exclude service accounts from this password expiration? I
> guess, if I don't run the command "kadmin: modprinc -policy userpolicy
> oldprinc" for service accounts and create a policy with a name other than
> default, service acc

RE: How to expire passwords for Kerberos user accounts

2016-03-28 Thread Ramaiah, Vanna G.
Is that correct?

-Original Message-
From: Greg Hudson [mailto:ghud...@mit.edu]
Sent: Monday, March 28, 2016 4:54 PM
To: Ramaiah, Vanna G.; kerberos@mit.edu
Subject: Re: How to expire passwords for Kerberos user accounts

On 03/28/2016 02:30 PM, Ramaiah, Vanna G. wrote:
> We have a state-mandated

Re: How to expire passwords for Kerberos user accounts

2016-03-28 Thread Greg Hudson
On 03/28/2016 02:30 PM, Ramaiah, Vanna G. wrote:
> We have a state-mandated rule that we have to expire the password of user
> accounts every 180 days. Could you please let me know how to do that for all
> current users and new users in Kerberos? Should I apply a policy using
> -maxlife?

You li

How to expire passwords for Kerberos user accounts

2016-03-28 Thread Ramaiah, Vanna G.
We have a state-mandated rule that we have to expire the password of user accounts every 180 days. Could you please let me know how to do that for all current users and new users in Kerberos? Should I apply a policy using -maxlife?

Thanks,
Vanna

Ke