https://fedorahosted.org/389/ticket/48833
There are 2 proposals. I'd like to have your thoughts which one would
be preferable.
https://fedorahosted.org/389/attachment/ticket/48833/0001-Ticket-48833-389-showing-inconsistent-values-for-sha.2.patch
git patch file (master) -- second proposal -- this patch allows the
password policy values and shadow account values in sync.
If we choose this option, DS Console Password Policy panel needs to be
modified to support the larger value than INT_MAX.
https://fedorahosted.org/389/attachment/ticket/48833/0001-Ticket-48833-389-showing-inconsistent-values-for-sha.patch
git patch file (master) -- first proposal -- shadow account values won't
be touched if they already exist in an entry.
Restrictions:
1. If objectclass: shadowaccount is set and there is no shadow account
values in an entry, the shadowmax, min, and warning are filled by
calculating them from the password policy values. The maximum value of
calculated shadowMax is 24855 (== 2^31-1 / (24 * 60 * 60)).
2. Even if the values of the password policy are updated, shadow account
values are not effected.
--
389-devel mailing list
389-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://lists.fedoraproject.org/admin/lists/389-devel@xxxxxxxxxxxxxxxxxxxxxxx
