[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Questions on ppolicy (SLES11)

To: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>, openldap-technical@openldap.org
Subject: Re: Questions on ppolicy (SLES11)
From: Michael Ströder <michael@stroeder.com>
Date: Mon, 13 Oct 2014 10:15:30 +0200
In-reply-to: <543B92DE020000A100017526@gwsmtp1.uni-regensburg.de>
References: <543B92DE020000A100017526@gwsmtp1.uni-regensburg.de>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26.1

Ulrich Windl wrote:
> I created one test user with a ppolicy, and expectation is that on first
> login the passowrd should be canged (minus grace logins).

People fail to understand that it's the LDAP client's responsibility to
enforce this based on the ppolicy response control returned to the client.

=> Therefore I consider this "enforce password change on initial login" to be
bad practice anyway. I strongly recommend to rethink your password reset process.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

References:
- Questions on ppolicy (SLES11)
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>

Prev by Date: Re: Complementing "set" ACLs documentation
Next by Date: Antw: Questions on ppolicy (SLES11)
Index(es):
- Chronological
- Thread