Bliss, Aaron wrote:
> I'm not sure why, but for some reason the directory servers are not
> enforcing password history policies. I've set the policy from within
> the fds console at the data level (as described in directory server
> documentation).

Did you set "Enable fine-grained password policy" under the
Configuration tab -> Data node -> Passwords tab? Because the console
will allow you to configure the fine-grained password policy under the
Directory tab even if this is not set, but it will not take effect.

> Here is a sample ldap.conf file:
>
> pam_password exop
> pam_password clear
> pam_password md5
> ssl start_tls
> ssl on
>
> I'm running fds 1.0.1 on a redhat 4 box (actually have 2 directory
> servers, I've set this policy on both servers, supplier consumer
> replication is set up between them).
> I've verified that this is not enforced regardless of whether the
> client has ssl enabled or not.

Did you try ldapmodify from the command line to see if the problem is
with FDS or with PAM? e.g.

ldapmodify -D "uid=user,ou=people,dc=company,dc=com" -w currentpassword
dn: uid=user,ou=people,dc=company,dc=com
changetype: modify
replace: userPassword
userPassword: passwordinhistory

> Please advise as this is a highly critical issue that I
> must get fixed in order to move this into production. Thanks very much.
> Aaron
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users