Re: libpam-ldap and password policies

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Arthur de Jong <arthur [at] arthurdejong.org>
To: André Rodier <andre.rodier [at] gmail.com>
Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: libpam-ldap and password policies
Date: Sat, 7 Apr 2018 22:45:20 +0200 (CEST)


Sorry for not replying sooner.

On Thu, 29 Mar 2018, André Rodier wrote:

Is there any way to configure libpam-ldap to fulfil the passwordpolicies specified in the directory?


This should be picked up by default on most operations.

However, if I logon on the system as "andre", I can change my password,type a three letters new password, and libpam-ldap will not complain atall.

I think the issue in your config is that pwdCheckQuality is set to 0. Ithink the password will only be refused if the value is 2. Regardingpolicy information nslcd will only enforce what is returned by the LDAPserver and will not interpret policy settings itself (this is where itdiffers from policy-like settings in shadowAccount attributes).


Hope this helps,

--
-- Arthur - arthur@arthurdejong.org - http://arthurdejong.org/ --

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/

libpam-ldap and password policies, André Rodier
- Re: libpam-ldap and password policies, Trent W. Buck
  - Re: libpam-ldap and password policies, Trent W. Buck
  - Re: libpam-ldap and password policies, André Rodier
- Re: libpam-ldap and password policies, Arthur de Jong

Prev by Date: Replacing spaces with underscores automatically
Next by Date: NSCD behaving weirdly with NSLCD
Previous by thread: Re: libpam-ldap and password policies
Next by thread: Replacing spaces with underscores automatically