[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: On pwdGraceUseTime granularity

To: Matus Honek <mhonek@redhat.com>, openldap-technical@openldap.org
Subject: Re: On pwdGraceUseTime granularity
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Wed, 13 Mar 2019 09:35:42 -0700
Content-disposition: inline
In-reply-to: <CAB2GiLWBVcAQNqeT+uZ4Knqf-xxDi0fG2PeixubDRhAvA7LjBQ@mail.gmail.com>
References: <CAB2GiLWBVcAQNqeT+uZ4Knqf-xxDi0fG2PeixubDRhAvA7LjBQ@mail.gmail.com>

--On Wednesday, March 13, 2019 5:49 PM +0100 Matus Honek<mhonek@redhat.com> wrote:

Hello,

currently, granularity of pwdGraceUseTime is one second. This allows
client to successfully bind with old password as many times as they
want during N seconds (where N is equal to pwdGraceAuthnLimit) which
may be unwanted. Would it be possible to increase the granularity, and
if so, what size would make sense? Could it be made configurable?


I would suggest filing an ITS along the lines of ITS#7161.

Regards,
Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

References:
- On pwdGraceUseTime granularity
  - From: Matus Honek <mhonek@redhat.com>

Prev by Date: On pwdGraceUseTime granularity
Next by Date: How do I enable LDAP or OpenLDAP in Windows Server 2019 Active Directory Domain Services Domain Controller?
Index(es):
- Chronological
- Thread