Re: ppolicy: pwdInHistory attribute

Thu, 19 Mar 2015 06:31:45 -0700 

Thanks a lot for your help Clément, now it works :)

~]$ passwd
Changing password for user test1.
Enter login(LDAP) password:
New password:
Retype new password:
LDAP password information update failed: Constraint violation
Password is in history of old passwords
passwd: Authentication token manipulation error



2015-03-19 12:50 GMT+01:00 Clément OUDOT <[email protected]>:

> 2015-03-19 12:28 GMT+01:00 Esther Garcia <[email protected]>:
> > Hi Clément,
> >
> > Thanks for your fast reply.
> >
> > Users change their passwords from a client using the passwd command.
> >
> > For example, we can see the pwdHistory entries for this test user:
> >
> > dn: uid=test1,ou=People,dc=test,dc=es
> > structuralObjectClass: account
> > entryUUID: 555c6cda-42b1-1031-9c5a-c117d5dee54e
> > creatorsName: cn=Administrador,dc=test,dc=es
> > createTimestamp: 20120604165154Z
> > pwdHistory:
> > 20150318163116Z#1.3.6.1.4.1.1466.115.121.1.40#41#{crypt}$1$V1b0jbs
> >  R$lT.LD2PFakjfgg9d/BP2gY/
> > pwdHistory:
> > 20150318163144Z#1.3.6.1.4.1.1466.115.121.1.40#41#{CRYPT}$1$AdfsWnq
> >  p$6haOPh3AM6McehZPwwqig0
> > pwdHistory:
> > 20150318163236Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}LVhNB455UYC
> >  O8nljcwf7KVqOkjsDgUdjf
> > pwdHistory:
> > 20150318163324Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}YBWieVAaj6s
> >  QcrQNAqT7i2kmebQ2+k5s
> > pwdHistory:
> > 20150318163348Z#1.3.6.1.4.1.1466.115.121.1.40#41#{crypt}$1$C5F1iK2
> >  y$0jk2K8skjjoKhGsBN5JUdsM1
> > pwdChangedTime: 20150318163348Z
> > entryCSN: 20150318163348.185046Z#000000#001#000000
> > modifiersName: uid=test1,ou=People,dc=test,dc=es
> > modifyTimestamp: 20150318163348Z
> > entryDN: uid=test1,ou=People,dc=test,dc=es
> > subschemaSubentry: cn=Subschema
> > hasSubordinates: FALSE
> >
> > In this example, the pwdHistory entries with {CRYPT} passwords belong to
> the
> > passwords changed by the user from the client (using the passwd command).
> > And the entries with {SSHA} passwords belong to password changed from the
> > LDAP server by the admin user.
> >
>
> You should configure your client to not crypt password. See
> pam_password parameter in PAM LDAP configuration.
>
>
>
> Clément.
>

Reply via email to