directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "lucas theisen (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (DIRSERVER-1928) PasswordPolicy should be ignored from Admin session
Date Fri, 06 Dec 2013 18:57:38 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-1928?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13841539#comment-13841539
] 

lucas theisen edited comment on DIRSERVER-1928 at 12/6/13 6:56 PM:
-------------------------------------------------------------------

A patch to the PwdModifyIT unit test that demonstrates the issue.


was (Author: ltheisen@mitre.org):
A unit test that demonstrates the issue.

> PasswordPolicy should be ignored from Admin session
> ---------------------------------------------------
>
>                 Key: DIRSERVER-1928
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1928
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core-integ
>    Affects Versions: 2.0.0-M15, 2.0.0-M16
>            Reporter: lucas theisen
>            Priority: Critical
>         Attachments: ppolicytest.patch
>
>
> While not explicitly stated in either the RFC for password policy (http://tools.ietf.org/html/draft-behera-ldap-password-policy-10),
an authenticated session with admin privileges should avoid password policy checks.  For example,
a user might change his password and forget it soon thereafter.  At which point he would contact
an administrator and ask to have it reset again.  If an ads-pwdMinAge is set longer than the
elapsed time, even the administrator is unable to fix the problem (short of modifying the
pwdChangedTime by hand before making the request).  Other LDAP implementations like Active
Directory do this, and operating systems like windows and unix do this...  Would it not make
sense to do the same here?



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message