[Freeipa-users] sync passwords with AD or not per user
Rob Crittenden
rcritten at redhat.com
Wed Jun 8 14:27:37 UTC 2011
Rich Megginson wrote:
> On 06/07/2011 03:41 PM, Steven Jones wrote:
>> Hi,
>>
>> For most users I will want to allow the same password in AD as in
>> freeipa....so a linux or windows desktop will work with a linux or
>> windows service.....but for some specific financial servers/services I
>> need a stricter password capability to meet our audit criteria.
> In 389 you can set password policy on a per-user or per-subtree basis.
> With a little extra work, you could probably get this working on a
> per-group or per-role basis as well. This should apply to IPA as well,
> depending on how they have implemented support for password policy.
We have per-group password policy but we don't use the 389-ds password
policy engine. What I don't know is what happens if you set a lousy
password in AD whether that gets replicated to IPA. Will it be rejected,
accepted?
rob
More information about the Freeipa-users
mailing list