Password history is not being enforced by the directory server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Bliss, Aaron wrote:

>I'm not sure why, but for some reason the directory servers are not
>enforcing password history policies.  I've set the policy from within
>the fds console at the data level (as described in directory server
>documentation).
>
Did you set "Enable fine-grained password policy" under the 
Configuration tab -> Data node -> Passwords tab?  Because the console 
will allow you to configure the fine grained password policy under the 
Directory tab even if this is not set, but it will not take effect.

>Here is a sample ldap.conf file:
>
>pam_password exop
>pam_password clear
>pam_password md5
>ssl start_tls
>ssl on
>
>I'm running fds 1.0.1 on a redhat 4 box (actually have 2 directory
>servers, I've set this policy on both servers, supplier consumer
>replication is setup between them.
>
>I've verified that this is not enforced regardless if the client has ssl
>enabled or not.
>
Did you try ldapmodify from the command line to see if the problem is 
with FDS or with PAM?  e.g.
ldapmodify -D "uid=user,ou=people,dc=company,dc=com" -w currentpassword
dn: uid=user,ou=people,dc=company,dc=com
changetype: modify
replace: userPassword
userPassword: passwordinhistory

>Please advise as this is a highly critical issue that I
>must get fixed in order to move this into production.  Thanks very much.
>
>Aaron
>
>www.preferredcare.org
>"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D. Power and Associates
>
>Confidentiality Notice:
>The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information.  If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited.  If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.
>
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>  
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060119/b54f6b7e/attachment.bin
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux