[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy: pardon password history

To: hercherf@hrz.uni-marburg.de, openldap-devel@openldap.org
Subject: Re: ppolicy: pardon password history
From: Michael Ströder <michael@stroeder.com>
Date: Mon, 20 Apr 2015 19:28:31 +0200
In-reply-to: <20150420163706.Horde.gjucRgyPcQvxxRUE0J4-XA2@home.hrz.uni-marburg.de>
References: <20150420163706.Horde.gjucRgyPcQvxxRUE0J4-XA2@home.hrz.uni-marburg.de>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:36.0) Gecko/20100101 SeaMonkey/2.33.1

hercherf@hrz.uni-marburg.de wrote:

I have made a tiny modification to the ppolicy-module. The aim is to go easy
on people who forgot their password, or forgot to deploy their recently
changed password to all devices (think of laptops, smartphones, etc.).
Whenever a login fails due to a invalid password, the ppolicy-module will
count this as a failure. After a configurable number of password failures in a
given time, ppolicy will take action and - for example - lock the acount. I
have tried to tweak this behaviour: When the password is found in the password
history, the ppolicy-module will not count this as a password failure. If
anyone is interested in this, please find the attached patch which also
includes a working example configuration/testcase.

I guess this change would open a can of worms, e.g. when password expiry is ineffect.


Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: ppolicy: pardon password history
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>

References:
- ppolicy: pardon password history
  - From: hercherf@hrz.uni-marburg.de

Prev by Date: ppolicy: pardon password history
Next by Date: Re: Fwd: [Patch] Allocating sparse files on Windows
Index(es):
- Chronological
- Thread