[389-users] Re: Max password length

On Sun, 2016-01-17 at 22:16 +0000, Andy Spooner wrote: You should not set a password maximum length. By setting a maximum length, you are essentially confining the search space of your users passwords to an upper bound. This is really bad, and may aid an attacker. You should set a minimum length and quality requirements, however generally the longer the password, the better as each additional character adds more entropy and makes the passwords harder to attack. As a result, directory server does not support a maximum length field on a password. -- Sincerely, William Brown Software Engineer Red Hat, Brisbane