[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5492) Ignore password longer than pwdMinLength specified in PPOLICY

huynh.tuan@comcast.net wrote:
> Full_Name: Tuan Huynh
> Version: 2.3.39
> OS: Solaris
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (
> My password is 10 characters long, however system allowed me to login as long as
> I enter first 8 characters and it ignored the rest even if I enter garbage.  For
> example:
> my password is !thisIsATest!
> when I login it'll accept password such as !thisIsA or !thisIsAdkdkdkdkdkdkdkdk
> I used ppolicy and pwdMinLength is set at 8

Sounds like a configuration error in your Solaris system, or possibly a poor 
choice of password hash mechanism. I don't see any evidence of an OpenLDAP bug 

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/