Philip Kime wrote: >> Effective policy is determined by new_passwdPolicy() which considers >> > the modification > >> initiated by the password change extop to be internal and local policy >> > is not > >> retrieved. >> > > I suspected as much - this should probably go in the password policy > section of the documentation as there are all sorts of recommendations > flying round the Web for setting pam_password to "exop" to allow > password changes to work properly. It does indeed work but as you say, > it bypasses all password policies (except global ones it seems). > > I didn't mean to imply that it's intentional or that it should be this way, just giving you a hand with the analysis. I have some changes around this area of password policy that aren't committed and might complicate a potential fix, I've filed a bug for you to keep track: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216522 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20061120/7b53b5cc/attachment.html
