On February 15, 2019 10:50:36 PM GMT+08:00, Howard Chu firstname.lastname@example.org wrote:
slapd does not store plaintext passwords either.
sorry for spreading mis infomation based on my imagination. With ppolicy, can a user change his password after his password expired? I'd think no, because you have to bind before you modify the userpassword field, and if the password expired I'd think bind will fail. OTOH, kerberos does allow user to change password after expiration. this save me a lot of work, because my users always forgot to change pw in time.