[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Antw: overlay ppolicy - atribute pwdhistory

To: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>, openldap-technical@openldap.org
Subject: Re: Antw: overlay ppolicy - atribute pwdhistory
From: DÍEZ BARREIRO, ANA BELÉN <ana.diez@si.upct.es>
Date: Thu, 11 May 2017 13:08:07 +0200
In-reply-to: <59130A4A020000A10002629D@gwsmtp1.uni-regensburg.de>
References: <85fdee58-2d7f-f443-4ff0-79a97c1058f3@si.upct.es> <59130A4A020000A10002629D@gwsmtp1.uni-regensburg.de>
User-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Thunderbird/45.8.0

I know that, but I want to have it like this: that the same password cannot be introduced.

If I put pwdinhistory = 1 it also does not allow putting the previousone (not just the current one). And that should be possible.

Regards,
Ana.

El 10/05/2017 a las 14:40, Ulrich Windl escribió:

DÍEZ BARREIRO, ANA BELÉN <ana.diez@si.upct.es> schrieb am 09.05.2017 um

14:40
in Nachricht <85fdee58-2d7f-f443-4ff0-79a97c1058f3@si.upct.es>:

Hi,

I am using ppolicy overlay and I don't want the user to change the
password by setting the same value.

Usually this is what users do to circumvent such a restriction:
1) Change old pawword to new password
2) Change new password to old password

So a history of size 1 is rather useless, unless you place other restirctions
into effect.
Despite of that UNIX usually refuses a password that is not deifferent from
the current one...

Regards,
Ulrich

If I put pwdinhistory = 1 then the new password can not be the same as
the current one or the previous on (2 values). But with pwdinhistory = 0
you can put the same value.
What would be the solution?

Thanks!

References:
- overlay ppolicy - atribute pwdhistory
  - From: DÍEZ BARREIRO, ANA BELÉN <ana.diez@si.upct.es>

Prev by Date: Re: Error adding schema: empty AttributeDescription
Next by Date: Re: overlay ppolicy - atribute pwdhistory
Index(es):
- Chronological
- Thread