On Sun, 2006-01-08 at 21:32 +0100, Jo De Troy wrote:
> Hello,
>
> I'm using FDS 1.0.1 on RHEL 4
> I've set up a global password policy and I've enabled password history
> of 5 passwords via the console.
> When I log in through ssh with an LDAP user and I change the user's
> password via 'passwd' it seems I am able to use an older password. Can
> anybody point me to what I'm probably doing wrong? Has anyone
> experienced the same problem? What am I doing wrong?
> Or does the password history not work when changing the password
> through passwd?
>
> Thanks in advance,
> Jo

If the client is a Linux box, make sure you have this set in
/etc/ldap.conf:

    pam_password clear

Otherwise what is being passed to the directory server is the hashed
password, and the password history comparison will not find a match.
The DS will take the clear password, and encrypt it with matching
salts/method to see if the new password matches what's in the history.

You will also want to enable LDAPS or SSL/TLS so your passwords are not
going across the wire in the clear.

Hope this helps,
Jamie
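
The history mismatch described in the reply above, as an added Python sketch that is not part of the original thread and is not the directory server's code. It assumes history entries are stored as salted SHA-1 ({SSHA}) values and models the server-side check in simplified form; all function names and sample passwords are constructed.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA}"  # assumption: history entries are salted SHA-1 values


def ssha(password: bytes, salt: bytes) -> str:
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode()


def matches(stored: str, clear: bytes) -> bool:
    """Re-hash a clear-text candidate with the salt taken from the stored value."""
    raw = base64.b64decode(stored[len(SCHEME):])
    salt = raw[20:]  # SHA-1 digest is 20 bytes; the rest is the salt
    return hmac.compare_digest(ssha(clear, salt), stored)


def clear_in_history(history: list[str], clear: bytes) -> bool:
    """Server received the clear password: it can test every history entry."""
    return any(matches(entry, clear) for entry in history)


def prehashed_in_history(history: list[str], value: str) -> bool:
    """Server received an already-hashed string: it has no clear text to
    re-hash, so the only comparison left is against the stored strings."""
    return any(hmac.compare_digest(entry, value) for entry in history)


def demo() -> tuple[bool, bool]:
    # Constructed sample data: two old passwords, each stored with its own salt.
    history = [ssha(p, os.urandom(8)) for p in (b"Winter2005!", b"Spring2005!")]
    reused = b"Winter2005!"
    # Client sends clear text (pam_password clear): reuse is detected.
    clear_hit = clear_in_history(history, reused)
    # Client hashes locally with a fresh salt: same password, different string.
    hashed_hit = prehashed_in_history(history, ssha(reused, os.urandom(8)))
    return clear_hit, hashed_hit


if __name__ == "__main__":
    print(demo())  # (True, False)
```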