Re: (ITS#5767) ppolicy doesn't recognize the smbkrb5-specific {K5KEY} storage scheme

Tuesday, 28 October 2008

Guillaume.Rousse(a)inria.fr wrote:
...
 Full_Name: Guillaume Rousse
 Version: 2.4.11
 OS: linux
 URL: ftp://ftp.openldap.org/incoming/
 Submission from: (NULL) (193.55.250.67)

 When using password policy, with pwdCheckQuality set to 1, ppolicy accept to
 change the password of a user to special values such as {SASL} without
 complaining.

 However, trying to use {K5KEY} instead doesn't work, as it doesn't satisfy
 quality checking:
 ldap_modify: Constraint violation (19)
 additional info: Password fails quality checking policy 
This is not a bug; ppolicy quality checking only works when a plaintext 
password is provided. The fact that you saw "{SASL}" work is probably just a 
coincidence, i.e., --enable-spasswd is not set by default in configure, so 
"{SASL}" is just treated as a plaintext string, not a password scheme.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006