On Apr 11, 2022, at 14:16, Kaushal Shriyan <kaushalshriyan@xxxxxxxxx> wrote:
OpenLDAP has a variety of mechanisms for performing authentication, listed here: None of the built in mechanisms have any metadata about last changed or any history, it would be up to you to archive them as you changed them. When using SASL, you could possibly be using it against a backend that has that data, but it wouldn’t be accessible via the OpenLDAP server. Anyway, storing passwords is a terrible idea, even worse a history of old passwords. At best you store hashes. Your question reminds me of this classic post about a clueless auditor: I wonder if you have an equally clueless auditor asking the same questions? -- Jonathan Billings |
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
