It appears that this is an issue with the client; if I attempt change a
users password from within fds using a password that I've already used
for that user, I get a warning from fds indicating that it violates
password history rule. However, using passwd from a client allows usage
of old passwords.
Aaron
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard
Megginson
Sent: Thursday, January 19, 2006 10:59 AM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Password history is not being
enforced by the directory server
Bliss, Aaron wrote:
I'm not sure why, but for some reason the directory servers are
not
enforcing password history policies. I've set the policy from within
the fds console at the data level (as described in directory server
documentation).
Did you set "Enable fine-grained password policy" under the
Configuration tab -> Data node -> Passwords tab? Because the console
will allow you to configure the fine grained password policy under the
Directory tab even if this is not set, but it will not take effect.
Here is a sample ldap.conf file:
pam_password exop
pam_password clear
pam_password md5
ssl start_tls
ssl on
I'm running fds 1.0.1 on a redhat 4 box (actually have 2 directory
servers, I've set this policy on both servers, supplier consumer
replication is setup between them.
I've verified that this is not enforced regardless if the client has
ssl enabled or not.
Did you try ldapmodify from the command line to see if the problem is
with FDS or with PAM? e.g.
ldapmodify -D "uid=user,ou=people,dc=company,dc=com" -w currentpassword
dn: uid=user,ou=people,dc=company,dc=com
changetype: modify
replace: userPassword
userPassword: passwordinhistory
Please advise as this is a highly critical issue that I must get fixed
in order to move this into production. Thanks very much.
Aaron
www.preferredcare.org
"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D.
Power and Associates
Confidentiality Notice:
The information contained in this electronic message is intended for
the exclusive
use of the individual or entity named above and may
contain privileged or confidential information. If the reader of this
message is not the intended recipient or the employee or agent
responsible to deliver it to the intended recipient, you are hereby
notified that dissemination, distribution or copying of this information
is prohibited. If you have received this communication in error, please
notify the sender immediately by telephone and destroy the copies you
received.
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
www.preferredcare.org
"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D. Power and
Associates
Confidentiality Notice:
The information contained in this electronic message is intended for the exclusive use of
the individual or entity named above and may contain privileged or confidential
information. If the reader of this message is not the intended recipient or the employee
or agent responsible to deliver it to the intended recipient, you are hereby notified that
dissemination, distribution or copying of this information is prohibited. If you have
received this communication in error, please notify the sender immediately by telephone
and destroy the copies you received.