Bug#664596: User seems to missing ability to login via ssh/console after some days]
Forwarded message, as I forgot to cc the debian-edu list:
On Tue, Mar 20, 2012 at 10:00:43PM +0100, Petter Reinholdtsen wrote:
> [Andreas B. Mundt]
> > Just remove the "-maxlife" option completely. Use something like:
> >
> > kadmin.local -q "add_policy -minlength 4 -minclasses 2 user"
>
> What is the default value when -maxlife is not used?
> --
I use a "default" policy created by:
kadmin.local -q "add_policy -minlength 4 -minclasses 2 default"
A user principal foo with this policy shows the following:
root@mainserver:~# kadmin.local
Authenticating as principal root/admin@INTERN with password.
kadmin.local: get_principal foo
Principal: foo@INTERN
Expiration date: [never]
Last password change: Thu Mar 01 20:12:10 CET 2012
Password expiration date: [none]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Thu Mar 01 20:12:11 CET 2012 (root/admin@INTERN)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 8
Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, Version 5
Key: vno 1, ArcFour with HMAC/md5, Version 5
Key: vno 1, Triple DES cbc mode with HMAC/sha1, Version 5
Key: vno 1, DES cbc mode with CRC-32, Version 5
Key: vno 1, DES cbc mode with RSA-MD5, Version 4
Key: vno 1, DES cbc mode with RSA-MD5, Version 5 - No Realm
Key: vno 1, DES cbc mode with RSA-MD5, Version 5 - Realm Only
Key: vno 1, DES cbc mode with RSA-MD5, AFS version 3
MKey: vno 1
Attributes: REQUIRES_PRE_AUTH
Policy: default
kadmin.local:
So the default seems to be:
Password expiration date: [none]
Regards,
Andi
----------------------------------
A N D R E A S B. M U N D T
GPG key: 4096R/617B586D 2010-03-22 Andreas B. Mundt--<andreas.b.mundt@web.de>
Andreas B. Mundt--<andi.mundt@web.de>
============================================================================
Reply to: