[Fedora-directory-users] password history question
Jamie McKnight
warthog at warthogsolutions.com
Sun Jan 8 21:00:39 UTC 2006
On Sun, 2006-01-08 at 21:32 +0100, Jo De Troy wrote:
> Hello,
>
> I'm using FDS 1.0.1 on RHEL 4
> I've setup a global password policy and I've enabled password history
> of 5 passwords via the console.
> When I login through ssh with and LDAP user and I change the user's
> password via 'passwd' it seems I am able to use older password. Can
> anybody point me to what I'm probably doing wrong? Has anyone
> experienced the same problem? What am I doing wrong?
> Or does the password history not work when changing the password
> through passwd?
>
> Thanks in advance,
> Jo
If the client is a Linux box, make sure you have this set
in /etc/ldap.conf:
pam_password clear
Otherwise what is being passed to the directory server is the hashed
password, and the password history comparison will not find a match.
The DS will take the clear password, and encrypt it with matching
salts/method to see if the new password matches what's in the history.
You will also want to enable LDAPS or SSL/TLS so your passwords are not
going across the wire in the clear.
Hope this helps,
Jamie
More information about the Fedora-directory-users
mailing list