On Thu, Jan 19, 2006 at 11:01:26AM -0500, Bliss, Aaron wrote:
> It appears that this is an issue with the client; if I attempt to change a
> user's password from within fds using a password that I've already used
> for that user, I get a warning from fds indicating that it violates
> password history rule. However, using passwd from a client allows usage
> of old passwords.

PADL libnss_ldap has another option (present in 2.4.3 at least):

    pam_lookup_policy yes

which may be what you need.

>
> Aaron
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Richard Megginson
> Sent: Thursday, January 19, 2006 10:59 AM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] Password history is not being
> enforced by the directory server
>
> Bliss, Aaron wrote:
>
> >I'm not sure why, but for some reason the directory servers are not
> >enforcing password history policies. I've set the policy from within
> >the fds console at the data level (as described in directory server
> >documentation).
> >
> Did you set "Enable fine-grained password policy" under the
> Configuration tab -> Data node -> Passwords tab? Because the console
> will allow you to configure the fine grained password policy under the
> Directory tab even if this is not set, but it will not take effect.
>
> >Here is a sample ldap.conf file:
> >
> >pam_password exop
> >pam_password clear
> >pam_password md5
> >ssl start_tls
> >ssl on
> >
> >I'm running fds 1.0.1 on a redhat 4 box (actually have 2 directory
> >servers, I've set this policy on both servers, supplier consumer
> >replication is setup between them).
> >
> >I've verified that this is not enforced regardless if the client has
> >ssl enabled or not.
> >
> Did you try ldapmodify from the command line to see if the problem is
> with FDS or with PAM? e.g.
> ldapmodify -D "uid=user,ou=people,dc=company,dc=com" -w currentpassword
> dn: uid=user,ou=people,dc=company,dc=com
> changetype: modify
> replace: userPassword
> userPassword: passwordinhistory
>
> >Please advise as this is a highly critical issue that I must get fixed
> >in order to move this into production. Thanks very much.
> >
> >Aaron
> >
> >www.preferredcare.org
> >"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D.
> >Power and Associates
> >
> >Confidentiality Notice:
> >The information contained in this electronic message is intended for
> >the exclusive use of the individual or entity named above and may
> >contain privileged or confidential information. If the reader of this
> >message is not the intended recipient or the employee or agent
> >responsible to deliver it to the intended recipient, you are hereby
> >notified that dissemination, distribution or copying of this information
> >is prohibited. If you have received this communication in error, please
> >notify the sender immediately by telephone and destroy the copies you
> >received.
> >
> >--
> >Fedora-directory-users mailing list
> >[email protected]
> >https://www.redhat.com/mailman/listinfo/fedora-directory-users

--
Jonathan Barber
High Performance Computing Analysis
Tel. +44 (0) 1382 86389
