Hello,

I'm using FDS 1.0.1 on RHEL 4
I've setup a global password policy and I've enabled password history of 5 passwords via the console.
When I login through ssh with an LDAP user and I change the user's password via 'passwd' it seems I am able to use older password. Can anybody point me to what I'm probably doing wrong? Has anyone experienced the same problem? What am I doing wrong?
Or does the password history not work when changing the password through passwd?

Thanks in advance,
Jo

Jamie McKnight
2006-Jan-08 21:00 UTC
Re: [Fedora-directory-users] password history question

On Sun, 2006-01-08 at 21:32 +0100, Jo De Troy wrote:
> Hello,
>
> I'm using FDS 1.0.1 on RHEL 4
> I've setup a global password policy and I've enabled password history
> of 5 passwords via the console.
> When I login through ssh with an LDAP user and I change the user's
> password via 'passwd' it seems I am able to use older password. Can
> anybody point me to what I'm probably doing wrong? Has anyone
> experienced the same problem? What am I doing wrong?
> Or does the password history not work when changing the password
> through passwd?
>
> Thanks in advance,
> Jo

If the client is a Linux box, make sure you have this set in /etc/ldap.conf:

    pam_password clear

Otherwise what is being passed to the directory server is the hashed password, and the password history comparison will not find a match. The DS will take the clear password, and encrypt it with matching salts/method to see if the new password matches what's in the history.

You will also want to enable LDAPS or SSL/TLS so your passwords are not going across the wire in the clear.

Hope this helps,
Jamie
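
Added example, not part of the thread and not Fedora Directory Server code: a simplified Python model of the history comparison described in the reply above, showing why a reused password is caught when the server receives it in the clear and missed when the client has already hashed it with a fresh salt. The {SSHA} storage format, the helper names and the sample passwords are assumptions made for illustration.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import os
from typing import Optional


def ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Return an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def matches_stored(clear: str, stored: str) -> bool:
    """Re-hash a cleartext candidate with the salt embedded in a stored value."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    salt = raw[20:]  # a SHA-1 digest is 20 bytes; the remainder is the salt
    return hmac.compare_digest(ssha(clear, salt), stored)


def in_history(new_value: str, history: list[str]) -> bool:
    """Model of a server-side history check (hypothetical helper).

    A cleartext value can be re-hashed against every stored salt. A value
    the client already hashed can only be compared as an opaque string.
    """
    if new_value.startswith("{"):  # pre-hashed by the client
        return any(hmac.compare_digest(new_value, old) for old in history)
    return any(matches_stored(new_value, old) for old in history)


def demo() -> dict:
    # Constructed sample data: a history of 5 old passwords, as in the question.
    history = [ssha(f"OldPassw0rd-{i}") for i in range(5)]
    reused = "OldPassw0rd-2"
    return {
        "clear_reuse_caught": in_history(reused, history),
        "hashed_reuse_caught": in_history(ssha(reused), history),
        "clear_new_allowed": not in_history("BrandNew-Passw0rd", history),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```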