On Fri, Sep 27, 2013 at 10:27:30AM +0200, Martin Kosek wrote:
> On 09/27/2013 09:31 AM, Innes, Duncan wrote:
> >
> >
> >>-----Original Message-----
> >>From: freeipa-users-boun...@redhat.com
> >>[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Sumit Bose
> >>Sent: 26 September 2013 17:36
> >>To: freeipa-users@redhat.com
> >>Subject: Re: [Freeipa-users] Force IPA to accept password?
> ...
> >>Which command did you use to change the password? 'passwd' or
> >>'ipa passwd'?
> >>
> >>If you use 'passwd' the PAM stack on the client for the
> >>passwd command comes into play which typically has some
> >>modules like pam_pwquality.so listed which do checks
> >>including dictionary checks.
> >>
> >>If you use 'ipa passwd' the password should be only validated
> >>against the server-side password policy Martin mentioned above.
> >
> >Sumit, yes - I used 'passwd'.  I'll look into using 'ipa passwd' in
> >about
> >3 months time :-)
> 
> Eh, ok :-) BTW, you could also standard kpasswd, it should also
> avoid modules like pam_pwquality.so and only use the server policy.

Martin, pam_pwquality has an option called 'local_users_only'. According
to bz849072 it should be set by default since F18 but it looks like it
is not set in F19. Should we open a ticket to investigate it?

bye,
Sumit
> 
> Martin
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to