On 01/07/2011 01:51 PM, harry.devine@xxxxxxx wrote:
In the Directory Server GUI,
under the
Configuration tab, I have:
Passwords:
Enable
fine-grained password policy (checked)
User
Password Change:
User must change password after reset (checked)
User may change password (checked)
Allow changes in 2 days
Keep password history: Remember 5 passwords
Password
expiration:
Password expires after 90 days
Send warning 10 days before password expires
Allow up to 1 login attempt(s) after password
expires
Password
syntax:
Check password syntax (unchecked)
Password
Encryption: SSHA
Account Lockout:
Accounts
may be locked out (checked)
Password
lockout
Lockout account after 3 login failures
Reset failure count after 10 minutes
Lockout duration 30 minutes
In the Directory tab, I
right-click
on People, then select "Manage Password Policy" -> For
subtree:
Passwords:
Fine-grained
subtree policy enabled (checked)
User
Password Change:
User must change password after reset (checked)
User may change password (checked)
Allow changes in 2 days
Keep password history: Remember 5 passwords
Password
expiration:
Password expires after 90 days
Send warning 10 days before password expires
Allow up to 1 login attempt(s) after password
expires
Password
syntax:
Check password syntax (unchecked)
Password
Encryption: SSHA
Account Lockout:
Accounts
may be locked out (checked)
Password
lockout
Lockout account after 3 login failures
Reset failure count after 10 minutes
Lockout duration 30 minutes
I don't have any specific user
password
policy at this time. When I modify a user's password, I can log
in
from another PC via SSH as that user using the changed password,
but I'm
never told it has to be changed.
In the user's entry, when changing the password, also change the
attribute passwordExpirationTime to 0. This should trigger the
reset password code. Note that the attribute passwordExpirationTime
is an operational attribute.
Thanks,
Harry
Harry Devine
Common ARTS Software Development
AJT-144
(609)485-4218
Harry.Devine@xxxxxxx
On 01/07/2011 01:23 PM, harry.devine@xxxxxxx
wrote:
Nope. Didn't work. I edited the entry, put in another
password,
then login using the new password and never get prompted to
change it.
I saw something online here: http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/User_Account_Management.html#Managing_the_Password_Policy-Setting_User_Passwords.
Section 13.1.1.5 says something about a bug in Directory
Server.
Are you using per-user/per-subtree (i.e.
Fine-Grained)
password policy? If not, then that section does not apply.
Can you post all of your password policy configuration?
Is that something that I should
follow
or is that doc outdated?
Thanks,
Harry
Harry Devine
Common ARTS Software Development
AJT-144
(609)485-4218
Harry.Devine@xxxxxxx
On 01/07/2011 01:02 PM, harry.devine@xxxxxxx
wrote:
In my 389-ds setup, I have a password policy in place where the
user must
change their password after a reset, they are allowed to change
their password,
and it expires after 90 days. However, I cannot find where the
Directory
Manager can actually RESET a user's password. The docs are very
vague
in this area IMO, so I'm sure I overlooked it.
Not sure, but you may be able to login as directory manager,
edit the user's
entry, and change the password to some bogus value.
Where do I go in the console to reset a particular user's
password so they
will be prompted to change it when they log in again?
Thanks,
Harry
Harry Devine
Common ARTS Software Development
AJT-144
(609)485-4218
Harry.Devine@xxxxxxx
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
|
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
