Ticket https://pagure.io/freeipa/issue/3817 was resolved in 2013 in commit https://pagure.io/freeipa/c/f954f2d1b92db10113b766759897d66c57e1e3ab by setting a cap on maxlife in the password policy so it doesn't overflow.
Ten years later and a user has reported that using 20k resulted in authentication failures due to expired passwords. Seems like it is time to revisit.
This was reported against ipa-4.10.1-8.el9_2
(what happens)
(what do you expect to happen)
$ rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server
Any additional information, configuration, data or log snippets that is needed for reproduction or investigation of the issue.
Log file locations: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/config-files-logs.html Troubleshooting guide: https://www.freeipa.org/page/Troubleshooting
Login to comment on this ticket.