[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5767) ppolicy doesn't recognize the smbkrb5-specific {K5KEY} storage scheme

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5767) ppolicy doesn't recognize the smbkrb5-specific {K5KEY} storage scheme
From: hyc@symas.com
Date: Tue, 28 Oct 2008 13:36:16 GMT

Guillaume.Rousse@inria.fr wrote:
> Full_Name: Guillaume Rousse
> Version: 2.4.11
> OS: linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (193.55.250.67)
>
>
> When using password policy, with pwdCheckQuality set to 1, ppolicy accept to
> change the password of a user to special values such as {SASL} without
> complaining.
>
> However, trying to use {K5KEY} instead doesn't work, as it doesn't satisfy
> quality checking:
> ldap_modify: Constraint violation (19)
> additional info: Password fails quality checking policy

This is not a bug; ppolicy quality checking only works when a plaintext 
password is provided. The fact that you saw "{SASL}" work is probably just a 
coincidence, i.e., --enable-spasswd is not set by default in configure, so 
"{SASL}" is just treated as a plaintext string, not a password scheme.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#5774) Modifications not saved on file by back-ldif (on Windows)
Next by Date: ACLs related to the content of *new* entries (ITS#4556)
Index(es):
- Chronological
- Thread