Agree about password security. What I provided was just an example of a
password. Unfortunately, forcing the use of a non-similar password is beyond my
control. I guess one bright spot is the password being used meets all other
complexity requirements; I just needed to allow subsequent passwords to be
similar.
On May 29, 2014 6:08 AM, "Vincent Gerris" <[email protected]> wrote:

> Well, I'd just like to note that you SHOULD NOT want to use a password like
> that.
> It's completely insecure and thus a very BAD idea from a security
> perspective.
> As far as I know, you can override a directory-wide password policy per
> account, so if the restrictions come from there, just change them there;
> there is a setting that defines how different a next password should be.
> If it comes from a module in between with similar rules and if you really
> want to do this, you should also modify it there.
> If the module correctly handles LDAP responses regarding password
> policies, then you should be able to disable the checks there.
>
>
>
> On Wed, May 28, 2014 at 11:06 PM, John Trump <[email protected]> wrote:
>
>> The issue was being caused by the PAM module on the Linux systems. Not
>> sure why I have to modify the PAM module to allow similar passwords when
>> changing LDAP passwords.
>>
>>
>> On Wed, May 28, 2014 at 4:24 PM, Mark Reynolds <[email protected]> wrote:
>>
>>>
>>> On 05/28/2014 04:21 PM, John Trump wrote:
>>>
>>> Not using any other client app. User logged on to a Linux system and
>>> trying to change password. If they choose a password too similar to the old
>>> one it will not allow it.
>>>
>>> How are you changing the password, are you using ldapmodify? Can you
>>> post access log (/var/log/dirsrv/slapd-INSTANCE/access) output showing the
>>> failed password attempt?
>>>
>>>
>>>
>>> On Wed, May 28, 2014 at 4:14 PM, Mark Reynolds <[email protected]> wrote:
>>>
>>>>
>>>> On 05/28/2014 04:06 PM, John Trump wrote:
>>>>
>>>> Haven't been able to come up with a solution yet. Hopefully someone on
>>>> the list has a suggestion.
>>>>
>>>>
>>>> On Fri, May 23, 2014 at 12:42 PM, John Trump <[email protected]> wrote:
>>>>
>>>>> I would like to relax the password policy for specific users to allow
>>>>> them to modify passwords but use similar password to their old one. These
>>>>> are "group" accounts and would like to allow password to be set to:
>>>>> password01 then allow password to be changed to password02. Currently this
>>>>> is not allowed. I understand security risk etc in allowing this. I do want
>>>>> to keep other password complexity and history settings.
>>>>>
>>>>>  Suggestions?
>>>>>
>>>> I'm not aware of a setting in 389 that prohibits you from using
>>>> secret01, then secret02, and then secret03, etc. These should all be
>>>> allowed. Are you using some other client app (freeIPA?) to make these
>>>> password updates?
>>>>
>>>> --
>>>> 389 users mailing list
>>>> [email protected]
>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>>