[Date Prev][Date Next] [Chronological] [Thread] [Top]

passwd policy overlay status

To: openldap-software@OpenLDAP.org
Subject: passwd policy overlay status
From: Doug White <dwhite@gumbysoft.com>
Date: Tue, 24 May 2005 17:07:59 -0700 (PDT)

Hey folks,

Whats the status of the password policy overlay in OpenLDAP 2.3? The
credit card industry is mandating Windows-style account expiry and lockout
controls and we'd like to use the ppolicy overlay to implement it using
our existing OpenLDAP/pam_ldap-based authentication system.  The manpage
seems relatively complete and the code looks in decent shape, but there's
some missing details that I'm hoping you can help out with.

2.3 is still in beta stage and we'd like to not use that in production;
has someone backported the ppolicy overlay to 2.2?

In the password history, how are the old passwords encoded? Are they just
a copy of the prior userPassword attribute value (i.e., hashed) or do they
end up in cleartext?

Does anyone have an example of a working config? :-)

Thanks for any info!

-- 
Doug White                    |  FreeBSD: The Power to Serve
dwhite@gumbysoft.com          |  www.FreeBSD.org

Follow-Ups:
- Re: passwd policy overlay status
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: Stress Testing
Next by Date: Re: passwd policy overlay status
Index(es):
- Chronological
- Thread