I have made a tiny modification to the ppolicy-module. The aim is to go easy on people who forgot their password, or forgot to deploy their recently changed password to all devices (think of laptops, smartphones, etc.). Whenever a login fails due to a invalid password, the ppolicy-module will count this as a failure. After a configurable number of password failures in a given time, ppolicy will take action and - for example - lock the acount. I have tried to tweak this behaviour: When the password is found in the password history, the ppolicy-module will not count this as a password failure. If anyone is interested in this, please find the attached patch which also includes a working example configuration/testcase.
I guess this change would open a can of worms, e.g. when password expiry is in effect.
Description: S/MIME Cryptographic Signature