[Freeipa-users] sync passwords with AD or not per user
Rich Megginson
rmeggins at redhat.com
Tue Jun 7 21:48:30 UTC 2011
On 06/07/2011 03:41 PM, Steven Jones wrote:
> Hi,
>
> For most users I will want to allow the same password in AD as in freeipa....so a linux or windows desktop will work with a linux or windows service.....but for some specific financial servers/services I need a stricter password capability to meet our audit criteria.
In 389 you can set password policy on a per-user or per-subtree basis.
With a little extra work, you could probably get this working on a
per-group or per-role basis as well. This should apply to IPA as well,
depending on how they have implemented support for password policy.
> regards
>
>
> ________________________________________
> From: Rich Megginson [rmeggins at redhat.com]
> Sent: Wednesday, 8 June 2011 9:36 a.m.
> To: Steven Jones
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] sync passwords with AD or not per user
>
> On 06/07/2011 03:36 PM, Steven Jones wrote:
>>> What sort of password control? Minimum length? Character classes?
>>> Password history checking?
>> yes, yes and yes...
>>
>> regards
> With plain old 389, you can do all of these and more. IPA has its own
> password checking plugin, so it may differ slightly.
>
> But what does this have to do with Windows PassSync?
More information about the Freeipa-users
mailing list