On 9/22/20 2:56 PM, Bryan K. Walton wrote:
I'm looking at the RH documentation for passwordMaxSeqSets, found here:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/configuration_command_and_file_reference/core_server_configuration_reference#cnconfig-passwordMaxSeqSets
Their wording seems a little unclear, to me.
Sorry, I 100% agree...
The paragraph, before the
example states: "If you set the passwordMaxSeqSets parameter to a
value higher than 0, Directory Server rejects passwords with duplicate
monotonic sequences exceeding the length set in the parameter."
But, in their example, they list a password with two sequences of "XYZ".
And they say that setting the value to 2 would prevent that password.
But according to the paragraph before the example, shouldn't it be set
to 1?
Yeah it is worded strangely, but the documentation is sort of correct.
Setting it to "2" means you can NOT have two or more sequence sets that
have a length of 2 characters. I'll open a doc bug to get that
clarified this...
I have passwordMaxSequence set to 3. Can somebody clarify how
passwordMaxSeqSets should be set to prevent any duplicate sequences?
Setting passwordMaxSeqSets rejects any duplicate sequence, but that
sequence length must be the _same_ or higher than the setting.
So i you want to reject duplicate sequences then set passwordMaxSeqSets
to the length of sequence you want to check. For example, if you want to
reject duplicate sequences where the sequence length is 4 or higher
(e.g. bcde), then you set passwordMaxSeqSets to 4.
But if you were only concerned about a single sequence, then it's a
little different. If you want to reject a single sequence of 4
characters or more then you set passwordMaxSequence to 3 (as 4 would be
exceeding the max). So it's a bit inconsistent between these two
settings :-(
If you still have questions, and you probably do, please let me know.
Mark
Thanks,
Bryan
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
--
389 Directory Server Development Team
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
