directory-dev mailing list archives

From "Theisen, Lucas" <lthei...@mitre.org>
Subject pwdHistory and admin
Date Thu, 23 Jul 2015 16:47:48 GMT
The password policy RFC (http://tools.ietf.org/html/draft-behera-ldap-password-policy-10#section-8.2.6)
is not very explicit, but it seems to me that an admin user account should be exempt from
the pwdHistory check. It's not uncommon (though ill-advised) for admins to supply simple temporary
passwords, and if history is long enough, they may have already done so with the same password.
This is causing failures for me. I can get around it by manipulating the pwdHistory beforehand,
but that seems like it should be unnecessary. What do you think? Should we enable admin
to avoid this check?

Thank You,
Lucas Theisen
ltheisen@mitre.org

