Sorry, I 100% agree...I'm looking at the RH documentation for passwordMaxSeqSets, found here: https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/configuration_command_and_file_reference/core_server_configuration_reference#cnconfig-passwordMaxSeqSets Their wording seems a little unclear, to me.
Yeah it is worded strangely, but the documentation is sort of correct. Setting it to "2" means you can NOT have two or more sequence sets that have a length of 2 characters. I'll open a doc bug to get that clarified this...The paragraph, before the example states: "If you set the passwordMaxSeqSets parameter to a value higher than 0, Directory Server rejects passwords with duplicate monotonic sequences exceeding the length set in the parameter." But, in their example, they list a password with two sequences of "XYZ". And they say that setting the value to 2 would prevent that password. But according to the paragraph before the example, shouldn't it be set to 1?
I have passwordMaxSequence set to 3. Can somebody clarify how passwordMaxSeqSets should be set to prevent any duplicate sequences?
Setting passwordMaxSeqSets rejects any duplicate sequence, but that sequence length must be the same or higher than the setting.
So i you want to reject duplicate sequences then set
passwordMaxSeqSets to the length of sequence you want to check.
For example, if you want to reject duplicate sequences where the
sequence length is 4 or higher (e.g. bcde), then you set
passwordMaxSeqSets to 4.
But if you were only concerned about a single sequence, then it's a little different. If you want to reject a single sequence of 4 characters or more then you set passwordMaxSequence to 3 (as 4 would be exceeding the max). So it's a bit inconsistent between these two settings :-(
If you still have questions, and you probably do, please let me know.
Mark
Thanks, Bryan _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
-- 389 Directory Server Development Team
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
