[389-users] default password parameters

[Elizabeth Jones]

We recently discovered that some of our users can pad their login
passwords with additional characters and still get authenticated by our
389DS. Our server was migrated from another server and we didn't set
anything as far as password requirements in the 389DS because we didn't
want to end up locking any migrated users out. Would the default settings
for 389DS have a max number of characters that it looks at/returns, so
that when these users are logging in and padding their passwords, it
doesn't matter because it is only using the first 8 characters or
something?

We also found that after a user has changed their password using our
password change program, which does enforce password rules, they are no
longer able to pad their passwords.

thanks for any insight -

EJ