Bug 556495 - Configure/disable "Warning: Your password will expire in XX days"
Configure/disable "Warning: Your password will expire in XX days"
Product: Fedora
Classification: Fedora
Component: krb5 (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2010-01-18 10:49 EST by Daniel Piddock
Modified: 2010-04-08 15:14 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2010-04-08 15:14:53 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Daniel Piddock 2010-01-18 10:49:00 EST
Description of problem:
Any time a user enters their password via pam they are informed the password will expire in XX days. This could be 1 day or 365 days.

Can this be configurable to a sensible number like 7 days?

Version-Release number of selected component (if applicable):

How reproducible:
Every time the password is entered.

Steps to Reproduce:
1. Have a user with a password expiry date set
2. Get that user to login

Actual results:
"Warning: Your password will expire in XX days"

Expected results:
Blessed silence (until a sensible period for giving the warning)

Additional info:
The KDC is running Heimdal 1.2 (from Debian Lenny)
Comment 1 Nalin Dahyabhai 2010-01-18 11:03:10 EST
It's not something pam_krb5 has direct control over, as the message is passed to it by the Kerberos libraries, which hard-code the message.  There are two ways the KDC can report expiration in the protocol, but the client code doesn't behave quite the same for both cases.  Moving this to the krb5 component.
Comment 2 Daniel Piddock 2010-01-18 12:10:37 EST
I had a look through the options on the Heimdal KDC and found the setting there.

Please feel free to NOTABUG

Should it be of interest to anyone else: I set kdc_warn_pwexpire=7d in /etc/heimdal/kdc.conf
Comment 3 Nalin Dahyabhai 2010-04-08 15:14:53 EDT
Okay, dropping the patch we were using from Raw Hide and subsequent updates.

Note You need to log in before you can comment on or make changes to this bug.