lucas theisen created DIRSERVER-2084:
Summary: Admin user should be exempt from the pwdHistory check
Key: DIRSERVER-2084
URL: https://issues.apache.org/jira/browse/DIRSERVER-2084
Project:
On 23/07/15 23:27, Lucas Theisen wrote:
If I have a security concern, what is the best way to go about discussing
it as a team? Should I just send out on this mailing list, or the security
mailing list, or do we have a private virtual conference room? I am not
sure others are concerned
[
https://issues.apache.org/jira/browse/DIRSERVER-2084?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14639693#comment-14639693
]
lucas theisen commented on DIRSERVER-2084:
--
{code}
$ svn commit
Sending
[
https://issues.apache.org/jira/browse/DIRSERVER-2084?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
lucas theisen closed DIRSERVER-2084.
Resolution: Fixed
Fix Version/s: 2.0.0-M21
Admin user should be exempt from the
[
https://issues.apache.org/jira/browse/DIRSTUDIO-1066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Csaba Cserba updated DIRSTUDIO-1066:
Attachment: screenshot-3.png
Apache Directory Studio GSSAPI (Kerberos) Error
[
https://issues.apache.org/jira/browse/DIRSTUDIO-1066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14638691#comment-14638691
]
Emmanuel Lecharny commented on DIRSTUDIO-1066:
--
Do you still have the
[
https://issues.apache.org/jira/browse/DIRKRB-374?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jiajia Li updated DIRKRB-374:
-
Attachment: DIRKRB-374-v2.patch
Update the patch according to Kai's advice:
1. Add the test when token
If I have a security concern, what is the best way to go about discussing
it as a team? Should I just send out on this mailing list, or the security
mailing list, or do we have a private virtual conference room? I am not
sure others are concerned about this so I don't want to make a big deal
[
https://issues.apache.org/jira/browse/DIRSTUDIO-1066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14638837#comment-14638837
]
Csaba Cserba commented on DIRSTUDIO-1066:
-
I have put that file to search
[
https://issues.apache.org/jira/browse/DIRSTUDIO-1066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14638828#comment-14638828
]
Emmanuel Lecharny commented on DIRSTUDIO-1066:
--
Do you have a
[
https://issues.apache.org/jira/browse/DIRSTUDIO-1066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14638896#comment-14638896
]
Emmanuel Lecharny commented on DIRSTUDIO-1066:
--
Please have a look at
vialleton created DIRSERVER-2083:
Summary: shared ldap name DN NoClassDefFoundError
Key: DIRSERVER-2083
URL: https://issues.apache.org/jira/browse/DIRSERVER-2083
Project: Directory ApacheDS
The password policy RFC
(http://tools.ietf.org/html/draft-behera-ldap-password-policy-10#section-8.2.6)
is not very explicit, but it seems to me that an admin user account should be
exempt from the pwdHistory check. It's not uncommon (though ill-advised) for
admins to supply simple temporary
[
https://issues.apache.org/jira/browse/DIRSTUDIO-1066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14638717#comment-14638717
]
Csaba Cserba commented on DIRSTUDIO-1066:
-
Right now it is like this:
The
I have need to hash more than just the userPassword attribute (I store the
answers to security questions as well), and figured other people may need the
same feature. I would add it to the source branch, but my solution was to hard
code the list of hashed OIDs in classes similar to those in the
On 23/07/15 19:07, Pierre Smits wrote:
As I read the document, I could not establish the notion that admins are
exempted. But I am inclined to agree that the (one and only) super user
account could be immune to this.
Given that there is controversy, we can establish our own ruling.
Thanks, Emmanuel. I would say that such also constitutes an adoption risk.
Reinstalling an in-production setup is not an option!? I wonder how our
major competitors are handling/selling this.
Best regards,
Pierre Smits
*ORRTIZ.COM http://www.orrtiz.com*
Services Solutions for Cloud-Based
On 23/07/15 18:47, Theisen, Lucas wrote:
The password policy RFC
(http://tools.ietf.org/html/draft-behera-ldap-password-policy-10#section-8.2.6)
is not very explicit, but it seems to me that an admin user account should
be exempt from the pwdHistory check.
Agreed.
It's not uncommon
[
https://issues.apache.org/jira/browse/DIRSERVER-2083?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Emmanuel Lecharny resolved DIRSERVER-2083.
--
Resolution: Won't Fix
Don't use 1.5.6. It's 5 years old, and it's not
As I read the document, I could not establish the notion that admins are
exempted. But I am inclined to agree that the (one and only) super user
account could be immune to this.
Given that there is controversy, we can establish our own ruling. However,
we need to keep in mind that this
Sounds advisable to me, this is how eDirectory handles admin password resets,
btw. Not just to prevent reuse of simple temp passwords, but also to prevent
a) telling admins real previous passwords that could still be in use elsewhere
or
b) giving hints on a user's password scheme which may
[
https://issues.apache.org/jira/browse/DIRSTUDIO-1066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14638637#comment-14638637
]
Csaba Cserba commented on DIRSTUDIO-1066:
-
The registry entry was set at the
[
https://issues.apache.org/jira/browse/DIRSTUDIO-1066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Csaba Cserba updated DIRSTUDIO-1066:
Attachment: screenshot-2.png
Apache Directory Studio GSSAPI (Kerberos) Error