On 12/04/2013 12:10 PM, Natxo Asenjo wrote: > On Wed, Dec 4, 2013 at 12:05 PM, Martin Kosek <[email protected]> wrote: >> On 12/04/2013 11:53 AM, Natxo Asenjo wrote: >>> On Wed, Dec 4, 2013 at 11:44 AM, Natxo Asenjo <[email protected]> >>> wrote: >>>> On Wed, Dec 4, 2013 at 10:59 AM, Исаев Виталий Анатольевич >>>> <[email protected]> wrote: >>> To change a value: >>> $ ipa pwpolicy-mod global_policy --lockouttime=INT >>> >>> (where INT is the number of seconds you want the lock to be >>> implemented, set it to a huge number, like 946080000 in practice 30 ( >>> 3600 secs * 24 hours * 365 days * 30 years ) years is like a life >>> sentence ;-) - the accounts). >>> >> >> Right, though I am not sure if it would not hit Kerberos limitation for too >> large timestamps. >> >> Alternatively, you can set the Lockout Duration to 0, this should lock out >> the >> account permanently after the number of tries was breached. > > cool, is that documented? I could not find it in ipa help pwpolicy-mod
That's a good question. I did not find any trace of it so I filed a ticket to document it: https://fedorahosted.org/freeipa/ticket/4065 Martin _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
