On 9/22/20 2:56 PM, Bryan K. Walton wrote:
I'm looking at the RH documentation for passwordMaxSeqSets, found
Their wording seems a little unclear, to me.
Sorry, I 100% agree...
The paragraph, before the
example states: "If you set the passwordMaxSeqSets parameter to a
value higher than 0, Directory Server rejects passwords with duplicate
monotonic sequences exceeding the length set in the parameter."
But, in their example, they list a password with two sequences of "XYZ".
And they say that setting the value to 2 would prevent that password.
But according to the paragraph before the example, shouldn't it be set
Yeah it is worded strangely, but the documentation is sort of correct.
Setting it to "2" means you can NOT have two or more sequence sets that
have a length of 2 characters. I'll open a doc bug to get that
I have passwordMaxSequence set to 3. Can somebody clarify how
passwordMaxSeqSets should be set to prevent any duplicate sequences?
Setting passwordMaxSeqSets rejects any duplicate sequence, but that
sequence length must be the _same_ or higher than the setting.
So i you want to reject duplicate sequences then set passwordMaxSeqSets
to the length of sequence you want to check. For example, if you want to
reject duplicate sequences where the sequence length is 4 or higher
(e.g. bcde), then you set passwordMaxSeqSets to 4.
But if you were only concerned about a single sequence, then it's a
little different. If you want to reject a single sequence of 4
characters or more then you set passwordMaxSequence to 3 (as 4 would be
exceeding the max). So it's a bit inconsistent between these two
If you still have questions, and you probably do, please let me know.
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
389 Directory Server Development Team