Bug 820984

Summary: Document password policy change behaviour
Product: Red Hat Enterprise Linux 6 Reporter: Dmitri Pal <dpal>
Component: doc-Identity_Management_GuideAssignee: Deon Ballard <dlackey>
Status: CLOSED CURRENTRELEASE QA Contact: ecs-bugs
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.3CC: jskeoch, mkosek
Target Milestone: rcKeywords: Documentation
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-07-09 20:34:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dmitri Pal 2012-05-11 13:40:39 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2745

Document difference between "Max lifetime (days)" in password policy and actual Kerberos Password Expiration time (i.e. krbPasswordExpiration attribute).

Copied from mailing list, see link below:
Documentation:
* Full meaning for this attribute krbPasswordExpiration
* The difference between Max lifetime (days) & krbPasswordExpiration
* How to change ldap expiration entries.

Details are on mailing list (including "change ldap expiration entries" part):
https://www.redhat.com/archives/freeipa-users/2012-May/msg00160.html
Comment 2 Deon Ballard 2012-06-27 02:57:15 UTC 
Added a section here:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/pwd-expiration.html
Comment 3 John Skeoch 2012-06-28 05:57:35 UTC 
checked in:

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/pwd-expiration.html

Red_Hat_Enterprise_Linux-Identity_Management_Guide-6-en-US-2.2.0-1

---

11.4. Managing Password Expirations
Password policies are applied at the time a password is changed. So, when a password is set, it conforms to the password policy in effect at that time. If the password policy is changed later, that change is not applied, retroactively, to the password.

Setting password expiration periods is configured as part of the group password policy. Creating and editing password policies (including the expiration attribute in the policy) is covered in Section 11.3, “Creating and Editing Password Policies”.
With password expirations, there are two attibutes that are related: 

[typo] s/attibutes/attributes
[comment] Also after checking the AHD and IBM style guide there are no instances of Expirations, this should be replaced with Expiration.
Comment 4 Deon Ballard 2012-07-02 19:20:43 UTC 
Typos fixed.
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/pwd-expiration.html