[389-users] Entire password not checked

Aaron Mills aaron.mills at returnpath.net
Mon Apr 26 20:30:08 UTC 2010


Hi All,

I have an FDS and 389 instance set up with a number of users, and password policy requiring minimum password length, some numbers, and some other characters. 

This all works well for mandating secure passwords. However, whenever users authenticate via LDAP the server appears to check only the first 8 characters of their passwords. For example, if a user has a password of "foobar1234!" they can still log in with "foobar12" or "foobar12bazbaz". I've tested this with Unix client logins (via PAM) and directly via the ldapsearch command. Both exhibit the same behavior.

Goo diligence hasn't really turned up anything, though it could be I'm missing the obvious. Has anyone run into this problem before? Is this possibly an issue with the way I'm storing passwords?

	-Aaron



