[Date Prev][Date Next] [Chronological] [Thread] [Top]

pplolicy lockout grace time?

To: openldap-technical@openldap.org
Subject: pplolicy lockout grace time?
From: Emmanuel Dreyfus <manu@netbsd.org>
Date: Wed, 21 May 2014 14:42:30 +0000
Content-disposition: inline
User-agent: Mutt/1.5.23 (2014-03-12)

Hello

We ran into the following problem: someone changes its password, but
has a few devices with the old password recorderd. Before the user
has time to update stored passwords, an buggy-client hammers servers
with requests using the old password, and get the account locked by 
slapo-ppolicy.

Perhaps there could be a setting in pwdPolicy or in slapd.conf 
so that there is a grace time after a password reset? For instance, 
the admin could configure that slapo-ppolicy should not lock a user
if password has been changed less than X seconds ago.

Opinions?

-- 
Emmanuel Dreyfus
manu@netbsd.org

Follow-Ups:
- Re: pplolicy lockout grace time?
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: Locale dependent collation for server side sorting
Next by Date: Re: pplolicy lockout grace time?
Index(es):
- Chronological
- Thread