Rich Megginson wrote:
On 06/07/2011 03:41 PM, Steven Jones wrote:
For most users I will want to allow the same password in AD as in
freeipa....so a linux or windows desktop will work with a linux or
windows service.....but for some specific financial servers/services I
need a stricter password capability to meet our audit criteria.
In 389 you can set password policy on a per-user or per-subtree basis.
With a little extra work, you could probably get this working on a
per-group or per-role basis as well. This should apply to IPA as well,
depending on how they have implemented support for password policy.
We have per-group password policy but we don't use the 389-ds password
policy engine. What I don't know is what happens if you set a lousy
password in AD whether that gets replicated to IPA. Will it be rejected,
Freeipa-users mailing list