[389-users] Password + anything works ?

Arpit Tolani arpittolani at gmail.com
Mon Nov 12 21:27:43 UTC 2012 

Hello

On Tue, Nov 13, 2012 at 12:33 AM, Ali Jawad <ali.jawad at splendor.net> wrote:
> In that case I have a major overhaul that I need to complete, change
> password is not working for me, my assumption is that it only works with TLS
> enabled between the client and the server, I have tried to get TLS to run a
> few times but could not get it to run so far. Am I right about the
> assumption that I need encryption between the server and the clients for
> password change to work ?
> Regards
>

When using ldappasswd command, Yes ssl/tls is mandatory, Try changing
password using ldapmodify, it doesnt required ssl/tls connection.

>
> On Mon, Nov 12, 2012 at 8:56 PM, Mark Reynolds <mareynol at redhat.com> wrote:
>>
>> Only "crypt" uses the first 8 characters, so any other scheme would be
>> fine.  After you change the scheme you will need to force all the users to
>> change their passwords - otherwise their crypt passwords will still be
>> present.
>>
>>
>>
>> On 11/12/2012 01:52 PM, Ali Jawad wrote:
>>
>> Hi All
>> This is an all Linux environment with 389 being used as the sole
>> authentication mechanism, I do believe I am using crypt, I am out of office
>> right now, what should I use instead of crypt to match more characters ?
>> Regards
>>
>> On Mon, Nov 12, 2012 at 7:02 PM, Mark Reynolds <mareynol at redhat.com>
>> wrote:
>>>
>>> Also what password storage scheme are you using?  For example "crypt"
>>> only checks the first 8 characters of a password.
>>>
>>>
>>> On 11/12/2012 11:18 AM, Dan Lavu wrote:
>>>
>>> In regards to a password policy? Just 389 or are you using winsync with
>>> AD? Because the password policy from AD does not transfer over. Also they
>>> are some extra steps if you want to setup an OU based password policy but if
>>> you just do it for the entire directory through ‘configuration’ it works
>>> with no issues.
>>>
>>> Dan
>>>
>>> From: Ali Jawad <ali.jawad at splendor.net>
>>> Sent: November 12, 2012 6:00 AM
>>> To: General discussion list for the 389 Directory server project.
>>> Subject: [389-users] Password + anything works ?
>>>
>>> Hi
>>> I just noticed that you can use the password+ANYLetters and it will work,
>>> I.e. if the password is xyz xyz99 or xyzABC will work as well, is this a
>>> misconfiguration on my part or a bug ?
>>> Regards
>>>

Regards
Arpit Tolani

More information about the 389-users mailing list