
Re: ppolicy: pwdInHistory attribute



2015-03-18 18:21 GMT+01:00 Esther Garcia <fulletverde@gmail.com>:
> Hello,
>
> We have installed an openldap server 2.4.23-34 on RHEL 6.5 with ppolicy
> enabled.
>
> # Standard, Policies
> dn: cn=Standard,ou=Policies,dc=test,dc=es
> cn: Standard
> description: Standard password policy.
> pwdAttribute: userPassword
> pwdCheckQuality: 1
> pwdMinLength: 8
> pwdLockout: TRUE
> pwdMustChange: TRUE
> pwdAllowUserChange: TRUE
> objectClass: device
> objectClass: pwdPolicy
> pwdSafeModify: FALSE
> pwdFailureCountInterval: 3
> pwdGraceAuthNLimit: 0
> pwdLockoutDuration: 1200
> pwdMaxFailure: 10
> pwdMinAge: 10
> pwdMaxAge: 31536000
> pwdExpireWarning: 0
> pwdInHistory: 5
>
>
> All ppolicy attributes except pwdInHistory are working. We store passwords
> encrypted in the directory.
>
> Is there any way to have pwdInHistory attribute working with encrypted
> passwords stored in the directory?
>

It won't work if the password modification is done with an encrypted
password, or when it is done as rootdn. Are you in one of these cases?

Moreover, your version is quite old and you are encouraged to upgrade.


Clément.
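
The following is an added example, not part of the thread or of OpenLDAP: a small audit that flags password changes matching either condition named in the reply (a pre-hashed value, or a bind as rootdn) so an administrator can see which writes would skip the history check. The LDIF records, `ou=People`, the rootdn `cn=Manager,dc=test,dc=es`, the `{SCHEME}` prefix heuristic and the simplified DN comparison are assumptions.

```python
import base64
import re

# Constructed sample change records (not from the thread); ou=People is assumed.
HASHED = "{SSHA}constructed-placeholder-not-a-real-hash"
SAMPLE_LDIF = (
    "dn: uid=alice,ou=People,dc=test,dc=es\n"
    "changetype: modify\n"
    "replace: userPassword\n"
    # '::' means base64 in LDIF, so the {SSHA} prefix is hidden until decoded.
    "userPassword:: " + base64.b64encode(HASHED.encode()).decode() + "\n\n"
    "dn: uid=bob,ou=People,dc=test,dc=es\n"
    "changetype: modify\n"
    "replace: userPassword\n"
    "userPassword: constructed-cleartext-value\n"
)
ROOTDN = "cn=Manager,dc=test,dc=es"  # assumed rootdn, not given in the thread

SCHEME = re.compile(r"^\{[A-Za-z0-9._-]+\}")  # heuristic: any {SCHEME} prefix
PW_LINE = re.compile(r"userPassword(::?)\s*(.*)", re.I)


def normalize(dn):
    """Simplified DN comparison: trim spaces around commas, ignore case."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def history_blockers(bind_dn, rootdn, value):
    """Reasons, per the reply above, that pwdInHistory would not apply."""
    reasons = []
    if SCHEME.match(value):
        reasons.append("pre-hashed value")
    if normalize(bind_dn) == normalize(rootdn):
        reasons.append("bound as rootdn")
    return reasons


def audit(ldif, bind_dn, rootdn):
    """Map each entry DN in the LDIF to its list of blockers."""
    result, dn = {}, None
    for line in ldif.splitlines():
        if line.lower().startswith("dn:"):
            dn = line[3:].strip()
        m = PW_LINE.match(line)
        if m:
            value = m.group(2)
            if m.group(1) == "::":
                value = base64.b64decode(value).decode("utf-8", "replace")
            result[dn] = history_blockers(bind_dn, rootdn, value)
    return result
```

An empty list for an entry means neither condition from the reply applies to that change; the parser does not handle folded LDIF lines or base64-encoded DNs.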