Re: libpam-ldap and password policies
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: libpam-ldap and password policies
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: André Rodier <andre.rodier [at] gmail.com>
- Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: libpam-ldap and password policies
- Date: Sat, 7 Apr 2018 22:45:20 +0200 (CEST)
Sorry for not replying sooner.
On Thu, 29 Mar 2018, André Rodier wrote:
Is there any way to configure libpam-ldap to fulfil the password
policies specified in the directory?
This should be picked up by default on most operations.
However, if I logon on the system as "andre", I can change my password,
type a three letters new password, and libpam-ldap will not complain at
all.
I think the issue in your config is that pwdCheckQuality is set to 0. I
think the password will only be refused if the value is 2. Regarding
policy information nslcd will only enforce what is returned by the LDAP
server and will not interpret policy settings itself (this is where it
differs from policy-like settings in shadowAccount attributes).
Hope this helps,
--
-- Arthur - arthur@arthurdejong.org - http://arthurdejong.org/ --
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/