Fair enough. Now I'm updated:
$ rpm -qa |grep openldap
openldap-ltb-2.4.35-1.el6.x86_64
openldap-ltb-check-password-1.1-8.el6.x86_64

I dumped and reimported my database, and tried again.  I don't see any
difference.

TESTS:                      RESULT:

pwdSafeModify: FALSE        PASS:   Message: LDAP password information
update failed: Insufficient access.   Must supply old password to be
changed as well as new one
pwdAllowUserChange: FALSE   PASS:   Message: LDAP password information
update failed: Insufficient access.   User alteration of password is not
allowed
pwdMaxAge: 300              Not Tested.
pwdExpireWarning: 10        Not Tested.
pwdInHistory: 3             FAIL:   I can still flip between 2 passwords
pwdMinLength: 12            FAIL:   I can still set a 6 char password
pwdMustChange:              FAIL:   I am not forced to change passwd.
pwdMaxFailure: 2            FAIL:   Still allowed in after 3 failures





Thanks,
Dan


On Wed, Apr 10, 2013 at 11:57 AM, Clément OUDOT <[email protected]> wrote:

>
>
> 2013/4/10 D C <[email protected]>
>
>> Here are my results..  Any thoughts as to why this is not working?
>> As for my ldap version,  I'm using the version provided in CentOS 6.  I
>> would prefer to use these prepacked builds whenever possible.  If there is
>> an issue where this will not work on that version, then I'll go ahead and
>> upgrade.
>>
>>
>> TESTS:                      RESULT:
>> pwdSafeModify: FALSE        PASS:   Message: LDAP password information
>> update failed: Insufficient access.   Must supply old password to be
>> changed as well as new one
>> pwdAllowUserChange: FALSE   PASS:   Message: LDAP password information
>> update failed: Insufficient access.   User alteration of password is not
>> allowed
>> pwdMaxAge: 300              FAIL:   Login still allowed after 300 seconds.
>> pwdExpireWarning: 10        FAIL:   No warning message
>> pwdInHistory: 3             FAIL:   I can still flip between 2 passwords
>> pwdMinLength: 12            FAIL:   I can still set a 6 char password
>> pwdMustChange:              FAIL:   I am not forced to change passwd.
>> pwdMaxFailure: 2            FAIL:   Still allowed in after 6 failures
>>
>> Other Info:
>> pwdLockout:         TRUE
>> pwdLockoutDuration: 600
>>
>>
>>
>>
>
> As Quanah said, your version is quite old with a lot of bugs on ppolicy.
> Upgrade to the latest version.
>
>
> Clément.
>
