[Fedora-directory-users] Re: enforce strong passwords
by Howard Chu
>
> Message: 5 Date: Thu, 19 Jan 2006 14:25:16 -0700 From: Richard
> Megginson <rmeggins(a)redhat.com> Jo De Troy wrote: > Hello,
>> >
>> > I was wondering if anyone was looking into enforcement of strong
>> > passwords.
>> > I'm not a hardcore C programmer but I'm willing to help. But first
>> > I'll have to try in getting the current version compiled.
>> > I'm certainly willing to do some testing.
>>
>
> Funny you should mention that. We're looking at that issue right now.
> What sort of things would you want to check for?
> min number of lower case
> min number of upper case
> min number of digits
> min number of alphanumerics
> min number of special chars
> no user data in password
> dictionary checking? If so, how? /usr/share/dict/words?
>
>
For OpenLDAP's password policy module we define an attribute in the
policy object that gives the pathname of a dynamically loaded module
that can perform further quality checks. We pass in the password that is
being set, an error string pointer, and the user's current entry and get
a yes/no result code back. I suggest a similar approach here; it's too
limiting to just hardcode one set of rules into the server. (Heck, if we
used SLAPI, we could write these modules interchangeably between
OpenLDAP and FDS.) Symas currently has a module that checks against
cracklib. You could bundle one or two standard modules and go from
there. Probably we should have extended our API to include a pointer to
the current policy object as well. The point is to make the API simple
enough and expressive enough that end-users can plug in whatever
constraints they want.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
18 years, 3 months
Re: [Fedora-directory-users] enforce strong passwords
by Jo De Troy
Hi Nathan, Richard,
I was thinking along the lines of pam_passwdqc, well part of it.
The password should contain at least 3 different character categories.
The categories being: lowercase, uppercase, special characters and numbers
Not specifically a minumum number of uppercase/lowercase/...
Off course there should be no user data in the password, it should not even
contain the username as a substring. But I think that code is already in
CVS. It's checking for cn, givenname, surname, ... attributes
A dictionarry check would be nice but I would maybe make this optional.
I guess that if we make the rules too stringent the enduser may complain
Greetings,
Jo
18 years, 3 months
Re: [Fedora-directory-users] enforce strong passwords
by Jo De Troy
Nathan, Richard,
I meant that the rules I propose combined with a minimum length (be it 6 or
8 characters) should suffice.
Together with a policy that does history checking, lockouts and expiration
we would have a secure enterprise setting, right?
Off course I agree that fds should setup reasonable default values which
can be upgraded or downgraded by the directory admin.
Greetz,
Jo
18 years, 3 months
RE: [Fedora-directory-users] Some password policy enforcement information questions
by Bliss, Aaron
Thanks very much for the explanation; makes much sense to me now; I did
some playing around, and got the directory server to spit out to me that
your password is going to expire in x amount of days. Thanks again.
Aaron
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard
Megginson
Sent: Thursday, January 19, 2006 2:35 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Some password policy enforcement
information questions
It looks like the way it works is this:
When you have enabled password warning, an operational attribute called
"passwordExpWarned" is created in the user's entry. The value will be 0
until the user does a successful BIND operation and the time between now
and the configured password expiration time is less than or equal to the
configured password warning time. When this happens, the warning will
be sent, the value of passwordExpWarned will be changed to 1, and the
operational attribute passwordExpirationTime in the user's entry will be
set to the time at which the password will expire. When the user
changes the password, passwordExpWarned will be reset to 0 and
passwordExpirationTime will be set to the new expiration time.
Bliss, Aaron wrote:
>If I've configured a correct password policy and the warning attribute
>is not getting updated, should this be considered a bug?
>
>Aaron
>
>-----Original Message-----
>From: fedora-directory-users-bounces(a)redhat.com
>[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard
>Megginson
>Sent: Thursday, January 19, 2006 1:48 PM
>To: General discussion list for the Fedora Directory server project.
>Subject: Re: [Fedora-directory-users] Some password policy enforcement
>information questions
>
>Bliss, Aaron wrote:
>
>
>
>>Please forgive me if I'm asking silly newbie questions, however I'm
>>trying to understand exactly what I'm seeing thru fds; first the
>>policy
>>
>>
>
>
>
>>I've configured on the directory using the fds console:
>>I've enabled fine-grain password policy for the data unit, including
>>password history enforcement, password expiration after 90 days,
>>password warning 14 days before password expires, check password
>>syntax, account lockout policy enabled after 3 login failures for 120
>>minutes and reset failure count after 15 minutes.
>>
>>Everything seems to be working except for send password warning; in
the
>>client's ldap.conf file, I've enabled pam_lookup_policy yes.
>>
>>Looking at account information attributes for a user, passwordexpwarnd
>>value is 0; I've reset users password to try to initialize the
>>password
>>
>>
>
>
>
>>policy, however this value never seems to change. According to this
>>documentation
>>http://www.redhat.com/docs/manuals/dir-server/ag/7.1/password.html#107
>>7
>>0
>>81 I believe that this attribute is stored in seconds. Is this true?
>>
>>
>>
>>
>Yes.
>
>
>
>>If so, what can I do to ensure this attribute is getting updated
>>(assuming that this is the attribute responsible for triggering
>>password expiration warning).
>>
>>
>>
>>
>I'm not really sure.
>
>
>
>>Second issue/question:
>>I've looked at this wiki
>>http://directory.fedora.redhat.com/wiki/Howto:PAM and near the very
>>bottom it mentions adding the following
>>
>>dn: cn=config
>>changetype: modify
>>add: passwordExp
>>passwordExp: on
>>-
>>add: passwordMaxAge
>>passwordMaxAge: 8640000 (this I believe would give a password max age
>>of 100 days)
>>
>>Do I need to add these attributes even though I've configured the
>>password policy using fds console has done this for me. Is this the
>>case, I see don't these attributes in the gui, however I do see
>>passwordexpirationtime as an attribute and is set to 90 days from now
>>(I'm want to ensure that accounts are indeed locked after passwords
>>have expired).
>>
>>
>>
>>
>Those attributes are only for global (default) password policy - what
>you have set for fine grained password policy will override those.
>
>
>
>>Also, Jim Summers posted to this group that he saw an issue with
>>shadowpasswd / shadowexpire fields not being updated
>>https://www.redhat.com/archives/fedora-directory-users/2005-December/m
>>s
>>g
>>00367.html
>>
>>Can anyone tell me what these fields are used for, as I don't see any
>>mention of them in this documentation
>>http://www.redhat.com/docs/manuals/dir-server/ag/7.1/password.html#107
>>7
>>0
>>81
>>
>>
>>
>>
>Right. They are a PAM/posix thing - FDS treats them as any other data
>- it doesn't update them from it's own password policy.
>
>
>
>>Thanks again very much.
>>
>>Aaron
>>
>>
>>
>>
>>www.preferredcare.org
>>"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D.
>>Power and Associates
>>
>>Confidentiality Notice:
>>The information contained in this electronic message is intended for
>>
>>
>the exclusive use of the individual or entity named above and may
>contain privileged or confidential information. If the reader of this
>message is not the intended recipient or the employee or agent
>responsible to deliver it to the intended recipient, you are hereby
>notified that dissemination, distribution or copying of this
>information is prohibited. If you have received this communication in
>error, please notify the sender immediately by telephone and destroy
>the copies you received.
>
>
>>--
>>Fedora-directory-users mailing list
>>Fedora-directory-users(a)redhat.com
>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>>
>>
>
>
>www.preferredcare.org
>"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D.
>Power and Associates
>
>Confidentiality Notice:
>The information contained in this electronic message is intended for
the exclusive use of the individual or entity named above and may
contain privileged or confidential information. If the reader of this
message is not the intended recipient or the employee or agent
responsible to deliver it to the intended recipient, you are hereby
notified that dissemination, distribution or copying of this information
is prohibited. If you have received this communication in error, please
notify the sender immediately by telephone and destroy the copies you
received.
>
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users(a)redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
www.preferredcare.org
"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D. Power and Associates
Confidentiality Notice:
The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.
18 years, 3 months
RE: [Fedora-directory-users] Some password policy enforcement information questions
by Bliss, Aaron
If I've configured a correct password policy and the warning attribute
is not getting updated, should this be considered a bug?
Aaron
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard
Megginson
Sent: Thursday, January 19, 2006 1:48 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Some password policy enforcement
information questions
Bliss, Aaron wrote:
>Please forgive me if I'm asking silly newbie questions, however I'm
>trying to understand exactly what I'm seeing thru fds; first the policy
>I've configured on the directory using the fds console:
>I've enabled fine-grain password policy for the data unit, including
>password history enforcement, password expiration after 90 days,
>password warning 14 days before password expires, check password
>syntax, account lockout policy enabled after 3 login failures for 120
>minutes and reset failure count after 15 minutes.
>
>Everything seems to be working except for send password warning; in the
>client's ldap.conf file, I've enabled pam_lookup_policy yes.
>
>Looking at account information attributes for a user, passwordexpwarnd
>value is 0; I've reset users password to try to initialize the password
>policy, however this value never seems to change. According to this
>documentation
>http://www.redhat.com/docs/manuals/dir-server/ag/7.1/password.html#1077
>0
>81 I believe that this attribute is stored in seconds. Is this true?
>
>
Yes.
>If so, what can I do to ensure this attribute is getting updated
>(assuming that this is the attribute responsible for triggering
>password expiration warning).
>
>
I'm not really sure.
>Second issue/question:
>I've looked at this wiki
>http://directory.fedora.redhat.com/wiki/Howto:PAM and near the very
>bottom it mentions adding the following
>
> dn: cn=config
> changetype: modify
> add: passwordExp
> passwordExp: on
> -
> add: passwordMaxAge
> passwordMaxAge: 8640000 (this I believe would give a password max age
>of 100 days)
>
>Do I need to add these attributes even though I've configured the
>password policy using fds console has done this for me. Is this the
>case, I see don't these attributes in the gui, however I do see
>passwordexpirationtime as an attribute and is set to 90 days from now
>(I'm want to ensure that accounts are indeed locked after passwords
>have expired).
>
>
Those attributes are only for global (default) password policy - what
you have set for fine grained password policy will override those.
>Also, Jim Summers posted to this group that he saw an issue with
>shadowpasswd / shadowexpire fields not being updated
>https://www.redhat.com/archives/fedora-directory-users/2005-December/ms
>g
>00367.html
>
>Can anyone tell me what these fields are used for, as I don't see any
>mention of them in this documentation
>http://www.redhat.com/docs/manuals/dir-server/ag/7.1/password.html#1077
>0
>81
>
>
Right. They are a PAM/posix thing - FDS treats them as any other data -
it doesn't update them from it's own password policy.
>Thanks again very much.
>
>Aaron
>
>
>
>
>www.preferredcare.org
>"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D.
>Power and Associates
>
>Confidentiality Notice:
>The information contained in this electronic message is intended for
the exclusive use of the individual or entity named above and may
contain privileged or confidential information. If the reader of this
message is not the intended recipient or the employee or agent
responsible to deliver it to the intended recipient, you are hereby
notified that dissemination, distribution or copying of this information
is prohibited. If you have received this communication in error, please
notify the sender immediately by telephone and destroy the copies you
received.
>
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users(a)redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
www.preferredcare.org
"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D. Power and Associates
Confidentiality Notice:
The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.
18 years, 3 months
[Fedora-directory-users] Some password policy enforcement information questions
by Bliss, Aaron
Please forgive me if I'm asking silly newbie questions, however I'm
trying to understand exactly what I'm seeing thru fds; first the policy
I've configured on the directory using the fds console:
I've enabled fine-grain password policy for the data unit, including
password history enforcement, password expiration after 90 days,
password warning 14 days before password expires, check password syntax,
account lockout policy enabled after 3 login failures for 120 minutes
and reset failure count after 15 minutes.
Everything seems to be working except for send password warning; in the
client's ldap.conf file, I've enabled pam_lookup_policy yes.
Looking at account information attributes for a user, passwordexpwarnd
value is 0; I've reset users password to try to initialize the password
policy, however this value never seems to change. According to this
documentation
http://www.redhat.com/docs/manuals/dir-server/ag/7.1/password.html#10770
81 I believe that this attribute is stored in seconds. Is this true?
If so, what can I do to ensure this attribute is getting updated
(assuming that this is the attribute responsible for triggering password
expiration warning).
Second issue/question:
I've looked at this wiki
http://directory.fedora.redhat.com/wiki/Howto:PAM and near the very
bottom it mentions adding the following
dn: cn=config
changetype: modify
add: passwordExp
passwordExp: on
-
add: passwordMaxAge
passwordMaxAge: 8640000 (this I believe would give a password max age
of 100 days)
Do I need to add these attributes even though I've configured the
password policy using fds console has done this for me. Is this the
case, I see don't these attributes in the gui, however I do see
passwordexpirationtime as an attribute and is set to 90 days from now
(I'm want to ensure that accounts are indeed locked after passwords have
expired).
Also, Jim Summers posted to this group that he saw an issue with
shadowpasswd / shadowexpire fields not being updated
https://www.redhat.com/archives/fedora-directory-users/2005-December/msg
00367.html
Can anyone tell me what these fields are used for, as I don't see any
mention of them in this documentation
http://www.redhat.com/docs/manuals/dir-server/ag/7.1/password.html#10770
81
Thanks again very much.
Aaron
www.preferredcare.org
"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D. Power and Associates
Confidentiality Notice:
The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.
18 years, 3 months
RE: [Fedora-directory-users] Password history is not being enforced by the directory server
by Bliss, Aaron
I think I've figured it out. After running authconfig, pam_password md5
was enabled in /etc/ldap.conf. Commenting this out seems to have taken
care things. After commenting that out, clients now return this when
attempting to use an old password.
LDAP password information update failed: Can't contact LDAP server
password in history
passwd: Permission denied
Thanks again for your help.
Aaron
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Jonathan
Barber
Sent: Thursday, January 19, 2006 11:04 AM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Password history is not being
enforced by the directory server
On Thu, Jan 19, 2006 at 11:01:26AM -0500, Bliss, Aaron wrote:
> It appears that this is an issue with the client; if I attempt change
> a users password from within fds using a password that I've already
> used for that user, I get a warning from fds indicating that it
> violates password history rule. However, using passwd from a client
> allows usage of old passwords.
PDAL libnss_ldap has another option (present in 2.4.3 at least):
pam_lookup_policy yes
which may be what you need.
>
> Aaron
>
> -----Original Message-----
> From: fedora-directory-users-bounces(a)redhat.com
> [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
> Richard Megginson
> Sent: Thursday, January 19, 2006 10:59 AM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] Password history is not being
> enforced by the directory server
>
> Bliss, Aaron wrote:
>
> >I'm not sure why, but for some reason the directory servers are not
> >enforcing password history policies. I've set the policy from within
> >the fds console at the data level (as described in directory server
> >documentation).
> >
> Did you set "Enable fine-grained password policy" under the
> Configuration tab -> Data node -> Passwords tab? Because the console
> will allow you to configure the fine grained password policy under the
> Directory tab even if this is not set, but it will not take effect.
>
> >Here is a sample ldap.conf file:
> >
> >pam_password exop
> >pam_password clear
> >pam_password md5
> >ssl start_tls
> >ssl on
> >
> >I'm running fds 1.0.1 on a redhat 4 box (actually have 2 directory
> >servers, I've set this policy on both servers, supplier consumer
> >replication is setup between them.
> >
> >I've verified that this is not enforced regardless if the client has
> >ssl enabled or not.
> >
> Did you try ldapmodify from the command line to see if the problem is
> with FDS or with PAM? e.g.
> ldapmodify -D "uid=user,ou=people,dc=company,dc=com" -w
> currentpassword
> dn: uid=user,ou=people,dc=company,dc=com
> changetype: modify
> replace: userPassword
> userPassword: passwordinhistory
>
> >Please advise as this is a highly critical issue that I must get
> >fixed in order to move this into production. Thanks very much.
> >
> >Aaron
> >
> >www.preferredcare.org
> >"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D.
> >Power and Associates
> >
> >Confidentiality Notice:
> >The information contained in this electronic message is intended for
> the exclusive use of the individual or entity named above and may
> contain privileged or confidential information. If the reader of this
> message is not the intended recipient or the employee or agent
> responsible to deliver it to the intended recipient, you are hereby
> notified that dissemination, distribution or copying of this
> information is prohibited. If you have received this communication in
> error, please notify the sender immediately by telephone and destroy
> the copies you received.
> >
> >
> >--
> >Fedora-directory-users mailing list
> >Fedora-directory-users(a)redhat.com
> >https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
> >
>
>
> www.preferredcare.org
> "An Outstanding Member Experience," Preferred Care HMO Plans -- J. D.
> Power and Associates
>
> Confidentiality Notice:
> The information contained in this electronic message is intended for
the exclusive use of the individual or entity named above and may
contain privileged or confidential information. If the reader of this
message is not the intended recipient or the employee or agent
responsible to deliver it to the intended recipient, you are hereby
notified that dissemination, distribution or copying of this information
is prohibited. If you have received this communication in error, please
notify the sender immediately by telephone and destroy the copies you
received.
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Jonathan Barber
High Performance Computing Analysis
Tel. +44 (0) 1382 86389
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
18 years, 3 months
RE: [Fedora-directory-users] Password history is not being enforced by the directory server
by Bliss, Aaron
Sorry I forgot to include, but I have pam_lookup_policy yes already set
in ldap.conf.
Aaron
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Jonathan
Barber
Sent: Thursday, January 19, 2006 11:04 AM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Password history is not being
enforced by the directory server
On Thu, Jan 19, 2006 at 11:01:26AM -0500, Bliss, Aaron wrote:
> It appears that this is an issue with the client; if I attempt change
> a users password from within fds using a password that I've already
> used for that user, I get a warning from fds indicating that it
> violates password history rule. However, using passwd from a client
> allows usage of old passwords.
PDAL libnss_ldap has another option (present in 2.4.3 at least):
pam_lookup_policy yes
which may be what you need.
>
> Aaron
>
> -----Original Message-----
> From: fedora-directory-users-bounces(a)redhat.com
> [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
> Richard Megginson
> Sent: Thursday, January 19, 2006 10:59 AM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] Password history is not being
> enforced by the directory server
>
> Bliss, Aaron wrote:
>
> >I'm not sure why, but for some reason the directory servers are not
> >enforcing password history policies. I've set the policy from within
> >the fds console at the data level (as described in directory server
> >documentation).
> >
> Did you set "Enable fine-grained password policy" under the
> Configuration tab -> Data node -> Passwords tab? Because the console
> will allow you to configure the fine grained password policy under the
> Directory tab even if this is not set, but it will not take effect.
>
> >Here is a sample ldap.conf file:
> >
> >pam_password exop
> >pam_password clear
> >pam_password md5
> >ssl start_tls
> >ssl on
> >
> >I'm running fds 1.0.1 on a redhat 4 box (actually have 2 directory
> >servers, I've set this policy on both servers, supplier consumer
> >replication is setup between them.
> >
> >I've verified that this is not enforced regardless if the client has
> >ssl enabled or not.
> >
> Did you try ldapmodify from the command line to see if the problem is
> with FDS or with PAM? e.g.
> ldapmodify -D "uid=user,ou=people,dc=company,dc=com" -w
> currentpassword
> dn: uid=user,ou=people,dc=company,dc=com
> changetype: modify
> replace: userPassword
> userPassword: passwordinhistory
>
> >Please advise as this is a highly critical issue that I must get
> >fixed in order to move this into production. Thanks very much.
> >
> >Aaron
> >
> >www.preferredcare.org
> >"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D.
> >Power and Associates
> >
> >Confidentiality Notice:
> >The information contained in this electronic message is intended for
> the exclusive use of the individual or entity named above and may
> contain privileged or confidential information. If the reader of this
> message is not the intended recipient or the employee or agent
> responsible to deliver it to the intended recipient, you are hereby
> notified that dissemination, distribution or copying of this
> information is prohibited. If you have received this communication in
> error, please notify the sender immediately by telephone and destroy
> the copies you received.
> >
> >
> >--
> >Fedora-directory-users mailing list
> >Fedora-directory-users(a)redhat.com
> >https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
> >
>
>
> www.preferredcare.org
> "An Outstanding Member Experience," Preferred Care HMO Plans -- J. D.
> Power and Associates
>
> Confidentiality Notice:
> The information contained in this electronic message is intended for
the exclusive use of the individual or entity named above and may
contain privileged or confidential information. If the reader of this
message is not the intended recipient or the employee or agent
responsible to deliver it to the intended recipient, you are hereby
notified that dissemination, distribution or copying of this information
is prohibited. If you have received this communication in error, please
notify the sender immediately by telephone and destroy the copies you
received.
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Jonathan Barber
High Performance Computing Analysis
Tel. +44 (0) 1382 86389
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
18 years, 3 months