Re: Regarding password expiry in openldap fortress.

To: Shawn McKinney <shawn.mckinney@jts.us>

Subject: Re: Regarding password expiry in openldap fortress.

From: raman nanda <ramannanda9@gmail.com>

Date: Mon, 6 Jan 2014 21:10:16 +0530

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=crx86RfD5w6Q6ohoQllZGi1jY5cYw980WQyq/9Cm+BI=; b=fJTr8gp78dT2EL5imyOMUP/Gawd84fOeV3MpVqXMx20TK3fYoXZa3PnjKLGKG8vTQz /fCt/Aln81pfTYP8j3TIBcIuLcVdxoLO18DxK+qXIhLCuzanffbqyzFETVwL/Chgr2FS LYR87GWV8/QRu02eKKN6tsNWkq5B3dYaCdHl0EdI0yWPWV0YUxbKN+4QOdDhVQUGUrFD kwd/b5WLygNyhgt+CJSpuyZFKFb9MRxeA5xbgA8cIbiX60ao3iJREwFn0wnotH4S/cGc JKhorWtU7pbimUvcsvGJKZXrcsj6nMkh27kpP9t6f7kI2aLRiWgkZ1QDgq7dkvuRuQQI DT7Q==

In-reply-to: <52CAC31C.9050908@jts.us>

References: <CAJtV1dSxn0fk4OgcPiotAFeprZeq2+mYAsgWLcueEhjwV3MvjQ@mail.gmail.com> <52CAC31C.9050908@jts.us>

Hi,

Thanks for the information; I will alter the application flow accordingly.

Regards,

Ramandeep

On Mon, Jan 6, 2014 at 8:22 PM, Shawn McKinney <shawn.mckinney@jts.us> wrote:

On 01/06/2014 08:01 AM, raman nanda wrote:

Can't the user change his own password after it has expired ?

No they cannot. The correct response it to monitor pwpolicy's expiring value and prompt the user to change before pw expires - OR - to enable grace on the user's pwpolicy and allow them to change while pw is within grace period.

--
Shawn McKinney
shawn.mckinney@jts.us

--
Ramandeep Singh
http://ramannanda.blogspot.com
ramannanda9@gmail.com