On 06/07/2011 03:41 PM, Steven Jones wrote:

For most users I will want to allow the same password in AD as in freeipa....so 
a linux or windows desktop will work with a linux or windows service.....but 
for some specific financial servers/services I need a stricter password 
capability to meet our audit criteria.
In 389 you can set password policy on a per-user or per-subtree basis. With a little extra work, you could probably get this working on a per-group or per-role basis as well. This should apply to IPA as well, depending on how they have implemented support for password policy.

From: Rich Megginson [rmegg...@redhat.com]
Sent: Wednesday, 8 June 2011 9:36 a.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] sync passwords with AD or not per user

On 06/07/2011 03:36 PM, Steven Jones wrote:
What sort of password control?  Minimum length?  Character classes?
Password history checking?
yes, yes and yes...

With plain old 389, you can do all of these and more.  IPA has its own
password checking plugin, so it may differ slightly.

But what does this have to do with Windows PassSync?

Freeipa-users mailing list

Reply via email to