
Re: What can I use for pwdCheckModule?



Fair enough. Now I'm updated
$ rpm -qa |grep openldap
openldap-ltb-2.4.35-1.el6.x86_64
openldap-ltb-check-password-1.1-8.el6.x86_64

I dumped and reimported my database, and tried again. I don't see any difference.

TESTS:                      RESULT:

pwdSafeModify: FALSE        PASS:  Message: LDAP password information update failed: Insufficient access. Must supply old password to be changed as well as new one
pwdAllowUserChange: FALSE   PASS:  Message: LDAP password information update failed: Insufficient access. User alteration of password is not allowed
pwdMaxAge: 300              Not Tested.
pwdExpireWarning: 10        Not Tested.
pwdInHistory: 3             FAIL:  I can still flip between 2 passwords
pwdMinLength: 12            FAIL:  I can still set a 6 char password
pwdMustChange:              FAIL:  I am not forced to change passwd.
pwdMaxFailure: 2            FAIL:  Still allowed in after 3 failures





Thanks,
Dan


On Wed, Apr 10, 2013 at 11:57 AM, Clément OUDOT <clem.oudot@gmail.com> wrote:


2013/4/10 D C <dc12078@gmail.com>
Here are my results. Any thoughts as to why this is not working?
As for my ldap version, I'm using the version provided in CentOS 6. I would prefer to use these prepacked builds whenever possible. If there is an issue where this will not work on that version, then I'll go ahead and upgrade.


TESTS:                      RESULT:
pwdSafeModify: FALSE        PASS:  Message: LDAP password information update failed: Insufficient access. Must supply old password to be changed as well as new one
pwdAllowUserChange: FALSE   PASS:  Message: LDAP password information update failed: Insufficient access. User alteration of password is not allowed
pwdMaxAge: 300              FAIL:  Login still allowed after 300 seconds.
pwdExpireWarning: 10        FAIL:  No warning message
pwdInHistory: 3             FAIL:  I can still flip between 2 passwords
pwdMinLength: 12            FAIL:  I can still set a 6 char password
pwdMustChange:              FAIL:  I am not forced to change passwd.
pwdMaxFailure: 2            FAIL:  Still allowed in after 6 failures

Other Info:
pwdLockout: TRUE
pwdLockoutDuration: 600





As Quanah said, your version is quite old with a lot of bugs on ppolicy. Upgrade to the latest version.


Clément.