Re: Bug#664596: User seems to missing ability to login via ssh/console after some days
Hi,
On Tue, Mar 20, 2012 at 09:04:54PM +0100, Petter Reinholdtsen wrote:
> [Petter Reinholdtsen]
> > Anyone got any ideas how to properly fix this?
Just remove the "-maxlife" option completely. Use something like:
kadmin.local -q "add_policy -minlength 4 -minclasses 2 user"
Regards,
Andi
> I suspect this patch will solve it for first time installations. We
> need to figure out how to fix it for existing installations too.
>
> Index: share/debian-edu-config/tools/kerberos-kdc-init
> ===================================================================
> --- share/debian-edu-config/tools/kerberos-kdc-init (revisjon 77105)
> +++ share/debian-edu-config/tools/kerberos-kdc-init (arbeidskopi)
> @@ -237,8 +237,9 @@
> kadmin.local -q "ktadd -k /etc/krb5.keytab.smtp smtp/tjener.intern"
> chown Debian-exim:Debian-exim /etc/krb5.keytab.smtp
>
> - # Kerberos policy setup
> - kadmin.local -q "addpol -maxlife \"2 days\" -minlength 5 users"
> + # Kerberos policy setup. Make sure passwords never expire, as
> + # long as LDAP and Samba passwords do not expire.
> + kadmin.local -q "addpol -maxlife never -minlength 5 users"
> kadmin.local -q "addpol -minclasses 2 hosts"
> }
>
>
> Anyone know why the -maxlife "2 days" were there in the first place?
> --
> Happy hacking
> Petter Reinholdtsen
>
>
>
> --
> To UNSUBSCRIBE, email to debian-edu-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: [🔎] 20120320200454.GF18504@login2.uio.no">http://lists.debian.org/[🔎] 20120320200454.GF18504@login2.uio.no
>
--
----------------------------------
A N D R E A S B. M U N D T
GPG key: 4096R/617B586D 2010-03-22 Andreas B. Mundt--<andreas.b.mundt@web.de>
Andreas B. Mundt--<andi.mundt@web.de>
============================================================================
Reply to: