Fedora directory users - Feb 2009 - password policy help

Hi all,

I¹m looking for some direction with regard to implementing password policy
in unix authentication. I followed the ppolicy instructions here:

http://directory.fedoraproject.org/wiki/Howto:PAM

In the UI, I¹ve enabled password policy in the database, then on the
relevant subtree. I¹ve enabled password aging, history, and alphanumeric
standards. But it looks like Fedora DS is still letting me change my
password to anything, and doesn¹t maintain a history. Clearly I¹m missing
something. I¹ve checked out google and some of the list history to no avail.
Is there another doc I should take a look at, or has anyone run into this?

Thanks,

    -Aaron

-- 
Aaron Mills
Systems Administrator
Return Path
http://www.returnpath.net

On Fri, 2009-02-20 at 15:24 -0700, Aaron Mills wrote:
> Hi all,
> 
> I’m looking for some direction with regard to implementing password
> policy in unix authentication. I followed the ppolicy instructions
> here:
> 
> http://directory.fedoraproject.org/wiki/Howto:PAM
> 
> In the UI, I’ve enabled password policy in the database, then on the
> relevant subtree. I’ve enabled password aging, history, and
> alphanumeric standards. But it looks like Fedora DS is still letting
> me change my password to anything, and doesn’t maintain a history.
> Clearly I’m missing something. I’ve checked out google and some of the
> list history to no avail. Is there another doc I should take a look
> at, or has anyone run into this?
> 
> Thanks,
> 
>     -Aaron
<snip>
Hi, Aaron.  I''m no expert on this and am struggling to figure it out
myself however I did find I had to tweak the order of pam modules in
Ubuntu.  If I recall correctly, CentOS worked out of the box.  I know
that''s not a clear answer but I hope it sparks you to find a solution.
Please post your results as I''d like to know.  Thanks - John
-- 
John A. Sullivan III
Open Source Development Corporation

Street Preacher: Are you SAVED?????!!!!!!
Educated Skeptic: Saved from WHAT?????!!!!!!
Educated Believer: From our selfishness that hurts the ones we love
                   and condemns us to an eternity of hurting each other.
http://www.spiritualoutreach.com
Christianity that makes sense

Hi John,

Oddly enough, I¹m using CentOS, but it doesn¹t work.  I believe it¹s
something in my DS config, but I can¹t seem to figure out what.  Any other
places to look?

-Aaron


On 2/21/09 8:23 AM, "John A. Sullivan III"
<jsullivan@opensourcedevel.com>
wrote:
> On Fri, 2009-02-20 at 15:24 -0700, Aaron Mills wrote:
>> > Hi all,
>> >
>> > I¹m looking for some direction with regard to implementing
password
>> > policy in unix authentication. I followed the ppolicy instructions
>> > here:
>> >
>> > http://directory.fedoraproject.org/wiki/Howto:PAM
>> >
>> > In the UI, I¹ve enabled password policy in the database, then on
the
>> > relevant subtree. I¹ve enabled password aging, history, and
>> > alphanumeric standards. But it looks like Fedora DS is still
letting
>> > me change my password to anything, and doesn¹t maintain a history.
>> > Clearly I¹m missing something. I¹ve checked out google and some of
the
>> > list history to no avail. Is there another doc I should take a
look
>> > at, or has anyone run into this?
>> >
>> > Thanks,
>> >
>> >     -Aaron
> <snip>
> Hi, Aaron.  I''m no expert on this and am struggling to figure it
out
> myself however I did find I had to tweak the order of pam modules in
> Ubuntu.  If I recall correctly, CentOS worked out of the box.  I know
> that''s not a clear answer but I hope it sparks you to find a
solution.
> Please post your results as I''d like to know.  Thanks - John
> --
> John A. Sullivan III
> Open Source Development Corporation
> 
> Street Preacher: Are you SAVED?????!!!!!!
> Educated Skeptic: Saved from WHAT?????!!!!!!
> Educated Believer: From our selfishness that hurts the ones we love
>                    and condemns us to an eternity of hurting each other.
> http://www.spiritualoutreach.com
> Christianity that makes sense
> 
> 
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> 
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 8.0.237 / Virus Database: 270.11.3/1966 - Release Date: 02/22/09
> 17:21:00
> 
-- 
Aaron Mills
Systems Administrator
Return Path
http://www.returnpath.net