21 Jun
2019
21 Jun
'19
7:33 a.m.
On 6/21/19 3:52 PM, Quanah Gibson-Mount wrote:
Generally, if you want to restrict access to pwdHistory, you would do something like:
access to attrs=pwdHistory by self write by *none
Making pwdHistory writeable by user him/herself is almost a security issue. User would additionally need manage privilege to really remove the attribute but still the above ACL is not good practice.
Ciao, Michael.