[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#5492) Ignore password longer than pwdMinLength specified in PPOLICY
huynh.tuan@comcast.net wrote:
> Full_Name: Tuan Huynh
> Version: 2.3.39
> OS: Solaris
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (216.39.129.66)
>
>
> My password is 10 characters long, however system allowed me to login as long as
> I enter first 8 characters and it ignored the rest even if I enter garbage. For
> example:
>
> my password is !thisIsATest!
> when I login it'll accept password such as !thisIsA or !thisIsAdkdkdkdkdkdkdkdk
>
> I used ppolicy and pwdMinLength is set at 8
Sounds like a configuration error in your Solaris system, or possibly a poor
choice of password hash mechanism. I don't see any evidence of an OpenLDAP bug
here.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/