[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: A question about pwdMinAge

Chris G. Sellers wrote:
pwdMinAge is part of the password policy, not part of the user's record.

The scheme defines pwdMinAge as being part of the objectClass
pwdPolicy, so unless you have that in your users record, it will not
be there.

I believe you assume correct that it uses math to determine when the
password was last changed, and when the current time is.  If that does
not exceed the value of the password policy entry for pwdMinAge, then
the change will fail.

You could change the user's passwordPolicy to be Zero Day password
change,but you would have to change it back.

RTFM already. slapo-ppolicy(5), pwdReset.

Ryan Steele skrev, on 08-04-2008 23:35:

I wanted to test the scenario where a user had forgotten his
and needed to have it reset.  I wanted to give this user the ability
change this temporary password if they wanted.   To do this, I:

However, because my ppolicy pwdMinAge hadn't expired yet, the user
unable to change the password.  So, it seems necessary to be able to
change that value for the user so he/she can change their
password.  I
couldn't find an attribute called pwdMinAge, but I'm assuming that's
because it just looks at pwdChangedTime.

-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/