Re: passwd policy overlay status
Doug White wrote:
> What's the status of the password policy overlay in OpenLDAP 2.3? The
> credit card industry is mandating Windows-style account expiry and lockout
> controls and we'd like to use the ppolicy overlay to implement it using
> our existing OpenLDAP/pam_ldap-based authentication system. The manpage
> seems relatively complete and the code looks in decent shape, but there's
> some missing details that I'm hoping you can help out with.
>
> 2.3 is still in beta stage and we'd like to not use that in production;
> has someone backported the ppolicy overlay to 2.2?

The overlay was originally written for 2.2. However, the current code in
CVS will only work with 2.3. The differences are probably minor, if you
really want to get it running again under 2.2. Since that would be a new
feature for 2.2, it is not something we will do as part of the Project.
But as an alternative, you can use Symas CDS 2, which is based on
OpenLDAP 2.2, and has this and many other overlays already bundled.

> In the password history, how are the old passwords encoded? Are they just
> a copy of the prior userPassword attribute value (i.e., hashed) or do they
> end up in cleartext?

They are a copy of the previous userPassword attribute value. If the
previous value was cleartext, it will remain as cleartext. If it was
hashed, it will remain hashed. Certainly we cannot reverse a hash to
turn it back into cleartext.

> Does anyone have an example of a working config? :-)

See the test suite. Test022 sets up a ppolicy instance and exercises the
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support
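
Because history values are verbatim copies of the old userPassword, a directory that ever stored cleartext passwords keeps them in pwdHistory. The following audit sketch is an added example, not part of the original message or of OpenLDAP; it assumes the `time#syntaxOID#length#data` value layout from the LDAP password policy draft and uses constructed sample entries.

```python
import re

# Assumed pwdHistory layout (password policy draft): time#syntaxOID#length#data
# "data" is the old userPassword value, copied exactly as it was stored.
SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9_.\-]+)\}")
HASHED = {b"SSHA", b"SHA", b"SMD5", b"MD5", b"CRYPT"}  # one-way storage schemes

def parse_history_value(raw: bytes):
    """Split one pwdHistory value into (time, syntax_oid, data)."""
    parts = raw.split(b"#", 3)  # maxsplit: the data itself may contain '#'
    if len(parts) != 4:
        raise ValueError("not a pwdHistory value: %r" % raw[:20])
    stamp, oid, length, data = parts
    if not length.isdigit() or int(length) != len(data):
        raise ValueError("length field does not match data")
    return stamp.decode(), oid.decode(), data

def storage_scheme(data: bytes):
    """Return the {SCHEME} label in upper case, or None for a bare value."""
    m = SCHEME_RE.match(data)
    return m.group(1).upper() if m else None

def audit_history(entries):
    """Yield (dn, time) for each history value not stored under a hash scheme."""
    for dn, values in entries.items():
        for raw in values:
            stamp, _oid, data = parse_history_value(raw)
            if storage_scheme(data) not in HASHED:
                yield dn, stamp

def _hist(stamp: bytes, data: bytes) -> bytes:
    """Build a sample value; the OID is the Octet String syntax."""
    oid = b"1.3.6.1.4.1.1466.115.121.1.40"
    return b"#".join([stamp, oid, str(len(data)).encode(), data])

# Constructed sample data, not taken from a real directory.
SAMPLE = {
    "uid=alice,ou=people,dc=example,dc=com": [
        _hist(b"20050301120000Z", b"{SSHA}Q29uc3RydWN0ZWRTYW1wbGVWYWx1ZQ=="),
    ],
    "uid=bob,ou=people,dc=example,dc=com": [
        _hist(b"20050215090000Z", b"Summer#2004"),  # cleartext containing '#'
        _hist(b"20050310090000Z", b"{SSHA}QW5vdGhlckNvbnN0cnVjdGVkVmFsdWU="),
    ],
}

if __name__ == "__main__":
    for dn, stamp in audit_history(SAMPLE):
        print("unhashed history value:", dn, stamp)
```

Values under an unrecognised scheme label are reported as well, so the output is a review list rather than a verdict.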