John Trump via FreeIPA-users wrote:
> I am using FreeIPA 4.4 and have implemented a password policy where
> password history is set to 24. If a password admin or the user "admin"
> resets a user's password, the user is forced to change their password
> upon logging in. At this point, the user is able to reuse the previous
> password even though it should be in their password history. How do I
> make it so a password reset by an admin does not wipe out the users'
> password history?

I don't think the history is being wiped out. You can confirm by
searching as Directory Manager:

$ ldapsearch -x -D 'cn=directory manager' -W -b

It's been a very long time since I've looked at this code. I know there
is some special handling around resets and password history (e.g. it
gets skipped in this case). I don't know and somehow doubt it would be
skipped in the case of setting a new password in case of reset.

Do you know if other policy is being applied, like length, character