On 06/07/2011 03:41 PM, Steven Jones wrote:
In 389 you can set password policy on a per-user or per-subtree basis.
With a little extra work, you could probably get this working on a
per-group or per-role basis as well. This should apply to IPA as well,
depending on how they have implemented support for password policy.
For most users I will want to allow the same password in AD as in freeipa....so
a linux or windows desktop will work with a linux or windows service.....but
for some specific financial servers/services I need a stricter password
capability to meet our audit criteria.
From: Rich Megginson [rmegg...@redhat.com]
Sent: Wednesday, 8 June 2011 9:36 a.m.
To: Steven Jones
Subject: Re: [Freeipa-users] sync passwords with AD or not per user
On 06/07/2011 03:36 PM, Steven Jones wrote:
What sort of password control? Minimum length? Character classes?
Password history checking?
yes, yes and yes...
With plain old 389, you can do all of these and more. IPA has its own
password checking plugin, so it may differ slightly.
But what does this have to do with Windows PassSync?
Freeipa-users mailing list