
passwd policy overlay status

Hey folks,

What's the status of the password policy overlay in OpenLDAP 2.3? The
credit card industry is mandating Windows-style account expiry and lockout
controls and we'd like to use the ppolicy overlay to implement it using
our existing OpenLDAP/pam_ldap-based authentication system.  The manpage
seems relatively complete and the code looks in decent shape, but there are
some missing details that I'm hoping you can help out with.

2.3 is still in beta stage and we'd like to not use that in production;
has someone backported the ppolicy overlay to 2.2?

In the password history, how are the old passwords encoded? Are they just
a copy of the prior userPassword attribute value (i.e., hashed) or do they
end up in cleartext?

Does anyone have an example of a working config? :-)

Thanks for any info!

Doug White                    |  FreeBSD: The Power to Serve
dwhite@gumbysoft.com          |  www.FreeBSD.org