[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Password policy questions

To: Quanah Gibson-Mount <quanah@symas.com>
Subject: Re: Password policy questions
From: Ervin Hegedüs <airween@gmail.com>
Date: Thu, 20 Sep 2018 18:54:37 +0200
Cc: openldap-technical@openldap.org
Content-disposition: inline
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to :user-agent; bh=XKi4m9ATSAY1FiRRWicnteoTbvP3wIRtYkDaadRK1BE=; b=SjxIzkh7yPtaB8IC3TojTHtdf4p89tkWXNuQFMjcThS7LPLikgIN6mVWLbEr7NcTzQ cgUUxofr+ICWmJmemgGE+xM0/mrt6JbR8nuIoHFDbhpAP1PUZ+JCeOLpJdyx0iWXpvur luyOzQGljQXEMubCO3rqy9eMbMFu2UApu0V4LAwJDvpvGajwTCr8xT8AFAkmhcPECYvV Tp4qVyvhxwEridqWRnrkanUJEmzG1LFp02tfMwPgp8IDnhfOzFAkh22HXJu06eSrIHdy 5qeYVMrcYu2ODBYiv+q+S98uRsTySw1si0cK2Ea4GZl3GOV7l7HnUtjsG4Pk3F4e3jkK 0zaw==
In-reply-to: <DA092ED7A0095DAFBA25BF6E@[192.168.1.39]>
References: <20180920154911.GB31224@arxnet.hu> <DA092ED7A0095DAFBA25BF6E@[192.168.1.39]>
User-agent: Mutt/1.5.24 (2015-08-30)

Hi Quanah,

thanks for reply,

On Thu, Sep 20, 2018 at 09:42:02AM -0700, Quanah Gibson-Mount wrote:
> --On Thursday, September 20, 2018 6:49 PM +0200 Ervin Hegedüs
> <airween@gmail.com> wrote:
> 
> 
> >Is it right?
> 
> Yes.  ppolicy is only triggered by password changes that use the LDAPv3
> Password Modify (RFC 3062) extended operation.

so, it means that the users can bypass with a simple ldapmodify?


> >How can I validate the policy for all methods?
> 
> See above.

but then why history stored and evaulated, but length doesn't?


a.

References:
- Password policy questions
  - From: Ervin Hegedüs <airween@gmail.com>
- Re: Password policy questions
  - From: Quanah Gibson-Mount <quanah@symas.com>

Prev by Date: Re: Password policy questions
Next by Date: Re: Password policy questions
Index(es):
- Chronological
- Thread