Re: (ITS#5492) Ignore password longer than pwdMinLength specified in PPOLICY

1 May 2008


      huynh.tuan@comcast.net wrote:
...
Full_Name: Tuan Huynh
Version: 2.3.39
OS: Solaris
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (216.39.129.66)
My password is 10 characters long, however system allowed me to login as long as
I enter first 8 characters and it ignored the rest even if I enter garbage.  For
example:
my password is !thisIsATest!
when I login it'll accept password such as !thisIsA or !thisIsAdkdkdkdkdkdkdkdk
I used ppolicy and pwdMinLength is set at 8
Sounds like a configuration error in your Solaris system, or possibly a poor 
choice of password hash mechanism. I don't see any evidence of an OpenLDAP bug 
here.
-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

Re: (ITS#5492) Ignore password longer than pwdMinLength specified in PPOLICY