Also what password storage scheme are you using? For example "crypt" only checks the first 8 characters of a password. On 11/12/2012 11:18 AM, Dan Lavu wrote: In regards to a password policy? Just 389 or are you using winsync with AD? Because the password policy from AD does not transfer over. Also they are some extra steps if you want to setup an OU based password policy but if you just do it for the entire directory through ‘configuration’ it works with no issues. Dan *From:* Ali Jawad <ali.jawad(a)splendor.net&gt; *Sent:* November 12, 2012 6:00 AM *To:* General discussion list for the 389 Directory server project. *Subject:* [389-users] Password + anything works ? Hi I just noticed that you can use the password+ANYLetters and it will work, I.e. if the password is xyz xyz99 or xyzABC will work as well, is this a misconfiguration on my part or a bug ? Regards * * -- 389 users mailing list 389-users(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users -- Mark Reynolds Red Hat, Incmreynolds(a)redhat.com

Only "crypt" uses the first 8 characters, so any other scheme would be fine. After you change the scheme you will need to force all the users to change their passwords - otherwise their crypt passwords will still be present. On 11/12/2012 01:52 PM, Ali Jawad wrote: Hi All This is an all Linux environment with 389 being used as the sole authentication mechanism, I do believe I am using crypt, I am out of office right now, what should I use instead of crypt to match more characters ? Regards On Mon, Nov 12, 2012 at 7:02 PM, Mark Reynolds <mareynol(a)redhat.com&gt;wrote: > Also what password storage scheme are you using? For example "crypt" > only checks the first 8 characters of a password. > > > On 11/12/2012 11:18 AM, Dan Lavu wrote: > > In regards to a password policy? Just 389 or are you using winsync with > AD? Because the password policy from AD does not transfer over. Also they > are some extra steps if you want to setup an OU based password policy but > if you just do it for the entire directory through ‘configuration’ it works > with no issues. > > Dan > > *From:* Ali Jawad <ali.jawad(a)splendor.net&gt; > *Sent:* November 12, 2012 6:00 AM > *To:* General discussion list for the 389 Directory server project. > *Subject:* [389-users] Password + anything works ? > > Hi > I just noticed that you can use the password+ANYLetters and it will work, > I.e. if the password is xyz xyz99 or xyzABC will work as well, is this a > misconfiguration on my part or a bug ? > Regards > > * > * > > > > -- > 389 users mailing list > 389-users(a)lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users > > > -- > 389 users mailing list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users > > > -- > Mark Reynolds > Red Hat, Incmreynolds(a)redhat.com > > -- *Ali Jawad * *Information Systems Manager CISSP - PMP - ITIL V3 - RHCE - VCP - C|EH - CCNA - MCSA * *Splendor Telecom (www.splendor.net) Beirut, Lebanon Phone: +9611373725/ext 116 FAX: +9611375554 * -- Mark Reynolds Red Hat, Incmreynolds(a)redhat.com

I'm not aware of passwords not being updated based off the connection type. It should work. On 11/12/2012 02:03 PM, Ali Jawad wrote: In that case I have a major overhaul that I need to complete, change password is not working for me, my assumption is that it only works with TLS enabled between the client and the server, I have tried to get TLS to run a few times but could not get it to run so far. Am I right about the assumption that I need encryption between the server and the clients for password change to work ? Regards On Mon, Nov 12, 2012 at 8:56 PM, Mark Reynolds <mareynol(a)redhat.com&gt;wrote: > Only "crypt" uses the first 8 characters, so any other scheme would be > fine. After you change the scheme you will need to force all the users to > change their passwords - otherwise their crypt passwords will still be > present. > > > > On 11/12/2012 01:52 PM, Ali Jawad wrote: > > Hi All > This is an all Linux environment with 389 being used as the sole > authentication mechanism, I do believe I am using crypt, I am out of office > right now, what should I use instead of crypt to match more characters ? > Regards > > On Mon, Nov 12, 2012 at 7:02 PM, Mark Reynolds <mareynol(a)redhat.com&gt;wrote: > >> Also what password storage scheme are you using? For example "crypt" >> only checks the first 8 characters of a password. >> >> >> On 11/12/2012 11:18 AM, Dan Lavu wrote: >> >> In regards to a password policy? Just 389 or are you using winsync >> with AD? Because the password policy from AD does not transfer over. Also >> they are some extra steps if you want to setup an OU based password policy >> but if you just do it for the entire directory through ‘configuration’ it >> works with no issues. >> >> Dan >> >> *From:* Ali Jawad <ali.jawad(a)splendor.net&gt; >> *Sent:* November 12, 2012 6:00 AM >> *To:* General discussion list for the 389 Directory server project. >> *Subject:* [389-users] Password + anything works ? >> >> Hi >> I just noticed that you can use the password+ANYLetters and it will >> work, I.e. if the password is xyz xyz99 or xyzABC will work as well, is >> this a misconfiguration on my part or a bug ? >> Regards >> >> * >> * >> >> >> >> -- >> 389 users mailing list >> 389-users(a)lists.fedoraproject.org >> https://admin.fedoraproject.org/mailman/listinfo/389-users >> >> >> -- >> 389 users mailing list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users >> >> >> -- >> Mark Reynolds >> Red Hat, Incmreynolds(a)redhat.com >> >> > > > -- > *Ali Jawad > * > *Information Systems Manager > CISSP - PMP - ITIL V3 - RHCE - VCP - C|EH - CCNA - MCSA > * > *Splendor Telecom (www.splendor.net) > Beirut, Lebanon > Phone: +9611373725/ext 116 > FAX: +9611375554 > > * > > > -- > Mark Reynolds > Red Hat, Incmreynolds(a)redhat.com > > -- *Ali Jawad * *Information Systems Manager CISSP - PMP - ITIL V3 - RHCE - VCP - C|EH - CCNA - MCSA * *Splendor Telecom (www.splendor.net) Beirut, Lebanon Phone: +9611373725/ext 116 FAX: +9611375554 * -- Mark Reynolds Red Hat, Incmreynolds(a)redhat.com

Hello On Tue, Nov 13, 2012 at 12:33 AM, Ali Jawad <ali.jawad(a)splendor.net&gt; wrote: > In that case I have a major overhaul that I need to complete, change > password is not working for me, my assumption is that it only works with TLS > enabled between the client and the server, I have tried to get TLS to run a > few times but could not get it to run so far. Am I right about the > assumption that I need encryption between the server and the clients for > password change to work ? > Regards > When using ldappasswd command, Yes ssl/tls is mandatory, Try changing password using ldapmodify, it doesnt required ssl/tls connection. > > On Mon, Nov 12, 2012 at 8:56 PM, Mark Reynolds <mareynol(a)redhat.com&gt; wrote: >> >> Only "crypt" uses the first 8 characters, so any other scheme would be >> fine. After you change the scheme you will need to force all the users to >> change their passwords - otherwise their crypt passwords will still be >> present. >> >> >> >> On 11/12/2012 01:52 PM, Ali Jawad wrote: >> >> Hi All >> This is an all Linux environment with 389 being used as the sole >> authentication mechanism, I do believe I am using crypt, I am out of office >> right now, what should I use instead of crypt to match more characters ? >> Regards >> >> On Mon, Nov 12, 2012 at 7:02 PM, Mark Reynolds <mareynol(a)redhat.com&gt; >> wrote: >>> >>> Also what password storage scheme are you using? For example "crypt" >>> only checks the first 8 characters of a password. >>> >>> >>> On 11/12/2012 11:18 AM, Dan Lavu wrote: >>> >>> In regards to a password policy? Just 389 or are you using winsync with >>> AD? Because the password policy from AD does not transfer over. Also they >>> are some extra steps if you want to setup an OU based password policy but if >>> you just do it for the entire directory through ‘configuration’ it works >>> with no issues. >>> >>> Dan >>> >>> From: Ali Jawad <ali.jawad(a)splendor.net&gt; >>> Sent: November 12, 2012 6:00 AM >>> To: General discussion list for the 389 Directory server project. >>> Subject: [389-users] Password + anything works ? >>> >>> Hi >>> I just noticed that you can use the password+ANYLetters and it will work, >>> I.e. if the password is xyz xyz99 or xyzABC will work as well, is this a >>> misconfiguration on my part or a bug ? >>> Regards >>> Regards Arpit Tolani -- 389 users mailing list 389-users(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users

Hello On Tue, Nov 13, 2012 at 1:10 PM, Ali Jawad <ali.jawad(a)splendor.net&gt; wrote: > Hi Arpit > Actually I was attempting to change the password using command line > > passwd > > I.e. each user changes his own password, is passwd the right choice here ? > Yes, passwd is right choice, considering you have pam_ldap.so properly configured & yes passwd dont need ssl/tls to be configured. > Regards > > On Mon, Nov 12, 2012 at 11:27 PM, Arpit Tolani <arpittolani(a)gmail.com&gt; > wrote: >> >> Hello >> >> On Tue, Nov 13, 2012 at 12:33 AM, Ali Jawad <ali.jawad(a)splendor.net&gt; >> wrote: >> > In that case I have a major overhaul that I need to complete, change >> > password is not working for me, my assumption is that it only works with >> > TLS >> > enabled between the client and the server, I have tried to get TLS to >> > run a >> > few times but could not get it to run so far. Am I right about the >> > assumption that I need encryption between the server and the clients for >> > password change to work ? >> > Regards >> > >> >> When using ldappasswd command, Yes ssl/tls is mandatory, Try changing >> password using ldapmodify, it doesnt required ssl/tls connection. >> >> > >> > On Mon, Nov 12, 2012 at 8:56 PM, Mark Reynolds <mareynol(a)redhat.com&gt; >> > wrote: >> >> >> >> Only "crypt" uses the first 8 characters, so any other scheme would be >> >> fine. After you change the scheme you will need to force all the users >> >> to >> >> change their passwords - otherwise their crypt passwords will still be >> >> present. >> >> >> >> >> >> >> >> On 11/12/2012 01:52 PM, Ali Jawad wrote: >> >> >> >> Hi All >> >> This is an all Linux environment with 389 being used as the sole >> >> authentication mechanism, I do believe I am using crypt, I am out of >> >> office >> >> right now, what should I use instead of crypt to match more characters >> >> ? >> >> Regards >> >> >> >> On Mon, Nov 12, 2012 at 7:02 PM, Mark Reynolds <mareynol(a)redhat.com&gt; >> >> wrote: >> >>> >> >>> Also what password storage scheme are you using? For example "crypt" >> >>> only checks the first 8 characters of a password. >> >>> >> >>> >> >>> On 11/12/2012 11:18 AM, Dan Lavu wrote: >> >>> >> >>> In regards to a password policy? Just 389 or are you using winsync >> >>> with >> >>> AD? Because the password policy from AD does not transfer over. Also >> >>> they >> >>> are some extra steps if you want to setup an OU based password policy >> >>> but if >> >>> you just do it for the entire directory through ‘configuration’ it >> >>> works >> >>> with no issues. >> >>> >> >>> Dan >> >>> >> >>> From: Ali Jawad <ali.jawad(a)splendor.net&gt; >> >>> Sent: November 12, 2012 6:00 AM >> >>> To: General discussion list for the 389 Directory server project. >> >>> Subject: [389-users] Password + anything works ? >> >>> >> >>> Hi >> >>> I just noticed that you can use the password+ANYLetters and it will >> >>> work, >> >>> I.e. if the password is xyz xyz99 or xyzABC will work as well, is this >> >>> a >> >>> misconfiguration on my part or a bug ? >> >>> Regards >> >>> >> >> Regards >> Arpit Tolani >> -- >> 389 users mailing list >> 389-users(a)lists.fedoraproject.org >> https://admin.fedoraproject.org/mailman/listinfo/389-users > > > > > -- > Ali Jawad > Information Systems Manager > CISSP - PMP - ITIL V3 - RHCE - VCP - C|EH - CCNA - MCSA > Splendor Telecom (www.splendor.net) > Beirut, Lebanon > Phone: +9611373725/ext 116 > FAX: +9611375554 > > > > -- > 389 users mailing list > 389-users(a)lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users -- Regards Arpit Tolani -- 389 users mailing list 389-users(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users

What about NSS configuration? Maybe there is configuration making ssl mandatory? Greg 13 lis 2012 12:51, "Ali Jawad" <ali.jawad(a)splendor.net&gt; napisał(a): Hi All > I am trying to change the password using passwd, please see the below : > > [xyz@server ~]$ passwd > Changing password for user xyz. > Enter login(LDAP) password: > New UNIX password: > Retype new UNIX password: > *LDAP password information update failed: Confidentiality required* > *Operation requires a secure connection.* > > The error log shows > Nov 13 11:47:17 HA-Dev-Nymgo-100-45 passwd: pam_unix(passwd:chauthtok): > user "xyz" does not exist in /etc/passwd > > Pam config follows : > > /etc/pam.d/passwd > #%PAM-1.0 > auth include system-auth > account include system-auth > password include system-auth > ~ > > /etc/pam.d/system-auth > > #/etc/pam.d/system-auth > #%PAM-1.0 > > auth required pam_env.so > auth sufficient pam_unix.so > auth sufficient pam_ldap.so use_first_pass > auth required pam_deny.so > > account sufficient pam_unix.so > account sufficient pam_ldap.so use_first_pass > account required pam_deny.so > > password requisite pam_cracklib.so try_first_pass retry=3 > password sufficient pam_unix.so md5 shadow nullok try_first_pass > use_authtok > password sufficient pam_ldap.so use_authtok > password required pam_deny.so > > > #password required pam_cracklib.so retry=3 minlen=2 > dcredit=0 ucredit=0 > #password sufficient pam_unix.so nullok use_authtok md5 shadow > #password sufficient pam_ldap.so > #password required pam_deny.so > > session optional pam_mkhomedir.so skel=/etc/skel/ umask=0022 > session required pam_limits.so > session required pam_unix.so > session optional pam_ldap.so > ~ > ~ > > > > On Tue, Nov 13, 2012 at 11:15 AM, Arpit Tolani <arpittolani(a)gmail.com&gt;wrote: > >> Hello >> >> >> >> On Tue, Nov 13, 2012 at 1:10 PM, Ali Jawad <ali.jawad(a)splendor.net&gt; >> wrote: >> > Hi Arpit >> > Actually I was attempting to change the password using command line >> > >> > passwd >> > >> > I.e. each user changes his own password, is passwd the right choice >> here ? >> > >> >> Yes, passwd is right choice, considering you have pam_ldap.so properly >> configured & yes passwd dont need ssl/tls to be configured. >> >> >> > Regards >> > >> > On Mon, Nov 12, 2012 at 11:27 PM, Arpit Tolani <arpittolani(a)gmail.com&gt; >> > wrote: >> >> >> >> Hello >> >> >> >> On Tue, Nov 13, 2012 at 12:33 AM, Ali Jawad <ali.jawad(a)splendor.net&gt; >> >> wrote: >> >> > In that case I have a major overhaul that I need to complete, change >> >> > password is not working for me, my assumption is that it only works >> with >> >> > TLS >> >> > enabled between the client and the server, I have tried to get TLS >> to >> >> > run a >> >> > few times but could not get it to run so far. Am I right about the >> >> > assumption that I need encryption between the server and the >> clients for >> >> > password change to work ? >> >> > Regards >> >> > >> >> >> >> When using ldappasswd command, Yes ssl/tls is mandatory, Try changing >> >> password using ldapmodify, it doesnt required ssl/tls connection. >> >> >> >> > >> >> > On Mon, Nov 12, 2012 at 8:56 PM, Mark Reynolds <mareynol(a)redhat.com >> > >> >> > wrote: >> >> >> >> >> >> Only "crypt" uses the first 8 characters, so any other scheme >> would be >> >> >> fine. After you change the scheme you will need to force all the >> users >> >> >> to >> >> >> change their passwords - otherwise their crypt passwords will >> still be >> >> >> present. >> >> >> >> >> >> >> >> >> >> >> >> On 11/12/2012 01:52 PM, Ali Jawad wrote: >> >> >> >> >> >> Hi All >> >> >> This is an all Linux environment with 389 being used as the sole >> >> >> authentication mechanism, I do believe I am using crypt, I am out >> of >> >> >> office >> >> >> right now, what should I use instead of crypt to match more >> characters >> >> >> ? >> >> >> Regards >> >> >> >> >> >> On Mon, Nov 12, 2012 at 7:02 PM, Mark Reynolds < >> mareynol(a)redhat.com&gt; >> >> >> wrote: >> >> >>> >> >> >>> Also what password storage scheme are you using? For example >> "crypt" >> >> >>> only checks the first 8 characters of a password. >> >> >>> >> >> >>> >> >> >>> On 11/12/2012 11:18 AM, Dan Lavu wrote: >> >> >>> >> >> >>> In regards to a password policy? Just 389 or are you using winsync >> >> >>> with >> >> >>> AD? Because the password policy from AD does not transfer over. >> Also >> >> >>> they >> >> >>> are some extra steps if you want to setup an OU based password >> policy >> >> >>> but if >> >> >>> you just do it for the entire directory through ‘configuration’ it >> >> >>> works >> >> >>> with no issues. >> >> >>> >> >> >>> Dan >> >> >>> >> >> >>> From: Ali Jawad <ali.jawad(a)splendor.net&gt; >> >> >>> Sent: November 12, 2012 6:00 AM >> >> >>> To: General discussion list for the 389 Directory server project. >> >> >>> Subject: [389-users] Password + anything works ? >> >> >>> >> >> >>> Hi >> >> >>> I just noticed that you can use the password+ANYLetters and it >> will >> >> >>> work, >> >> >>> I.e. if the password is xyz xyz99 or xyzABC will work as well, is >> this >> >> >>> a >> >> >>> misconfiguration on my part or a bug ? >> >> >>> Regards >> >> >>> >> >> >> >> Regards >> >> Arpit Tolani >> >> -- >> >> 389 users mailing list >> >> 389-users(a)lists.fedoraproject.org >> >> https://admin.fedoraproject.org/mailman/listinfo/389-users >> > >> > >> > >> > >> > -- >> > Ali Jawad >> > Information Systems Manager >> > CISSP - PMP - ITIL V3 - RHCE - VCP - C|EH - CCNA - MCSA >> > Splendor Telecom (www.splendor.net) >> > Beirut, Lebanon >> > Phone: +9611373725/ext 116 >> > FAX: +9611375554 >> > >> > >> > >> > -- >> > 389 users mailing list >> > 389-users(a)lists.fedoraproject.org >> > https://admin.fedoraproject.org/mailman/listinfo/389-users >> >> -- >> Regards >> Arpit Tolani >> -- >> 389 users mailing list >> 389-users(a)lists.fedoraproject.org >> https://admin.fedoraproject.org/mailman/listinfo/389-users >> > > > > -- > *Ali Jawad > * > *Information Systems Manager > CISSP - PMP - ITIL V3 - RHCE - VCP - C|EH - CCNA - MCSA > * > *Splendor Telecom (www.splendor.net) > Beirut, Lebanon > Phone: +9611373725/ext 116 > FAX: +9611375554 > > * > > > -- > 389 users mailing list > 389-users(a)lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users > -- 389 users mailing list 389-users(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users

Sorry my bad i thinking about ldap.conf but said nss... Does ldap.conf contains only these lines? Why you use pam_password clear and then exop? try crypt. Greg. 13 lis 2012 13:18, "Ali Jawad" <ali.jawad(a)splendor.net&gt; napisał(a): Hi > nsswitch.conf contains the following relevant lines, the rest is > unchanged > > > passwd: ldap files > shadow: ldap files > group: ldap files > > Maybe it is my ldap settings, please see /etc/ldap.conf below > > bind_policy soft > URI ldap://ldap.server.ip > BASE dc=domain,dc=local > TLS_CACERTDIR /etc/openldap/cacerts > pam_password clear > pam_lookup_policy yes > pam_password exop > # Idle timelimit; client will close connections > # (nss_ldap only) if the server has not been contacted > # for the number of seconds specified below. > #idle_timelimit 3600 > idle_timelimit 900 > > > On Tue, Nov 13, 2012 at 1:59 PM, Grzegorz Dwornicki <gd1100(a)gmail.com&gt;wrote: > >> What about NSS configuration? Maybe there is configuration making ssl >> mandatory? >> >> Greg >> 13 lis 2012 12:51, "Ali Jawad" <ali.jawad(a)splendor.net&gt; napisał(a): >> >> Hi All >>> I am trying to change the password using passwd, please see the below : >>> >>> [xyz@server ~]$ passwd >>> Changing password for user xyz. >>> Enter login(LDAP) password: >>> New UNIX password: >>> Retype new UNIX password: >>> *LDAP password information update failed: Confidentiality required* >>> *Operation requires a secure connection.* >>> >>> The error log shows >>> Nov 13 11:47:17 HA-Dev-Nymgo-100-45 passwd: pam_unix(passwd:chauthtok): >>> user "xyz" does not exist in /etc/passwd >>> >>> Pam config follows : >>> >>> /etc/pam.d/passwd >>> #%PAM-1.0 >>> auth include system-auth >>> account include system-auth >>> password include system-auth >>> ~ >>> >>> /etc/pam.d/system-auth >>> >>> #/etc/pam.d/system-auth >>> #%PAM-1.0 >>> >>> auth required pam_env.so >>> auth sufficient pam_unix.so >>> auth sufficient pam_ldap.so use_first_pass >>> auth required pam_deny.so >>> >>> account sufficient pam_unix.so >>> account sufficient pam_ldap.so use_first_pass >>> account required pam_deny.so >>> >>> password requisite pam_cracklib.so try_first_pass retry=3 >>> password sufficient pam_unix.so md5 shadow nullok try_first_pass >>> use_authtok >>> password sufficient pam_ldap.so use_authtok >>> password required pam_deny.so >>> >>> >>> #password required pam_cracklib.so retry=3 minlen=2 >>> dcredit=0 ucredit=0 >>> #password sufficient pam_unix.so nullok use_authtok md5 >>> shadow >>> #password sufficient pam_ldap.so >>> #password required pam_deny.so >>> >>> session optional pam_mkhomedir.so skel=/etc/skel/ umask=0022 >>> session required pam_limits.so >>> session required pam_unix.so >>> session optional pam_ldap.so >>> ~ >>> ~ >>> >>> >>> >>> On Tue, Nov 13, 2012 at 11:15 AM, Arpit Tolani <arpittolani(a)gmail.com&gt;wrote: >>> >>>> Hello >>>> >>>> >>>> >>>> On Tue, Nov 13, 2012 at 1:10 PM, Ali Jawad <ali.jawad(a)splendor.net&gt; >>>> wrote: >>>> > Hi Arpit >>>> > Actually I was attempting to change the password using command line >>>> > >>>> > passwd >>>> > >>>> > I.e. each user changes his own password, is passwd the right choice >>>> here ? >>>> > >>>> >>>> Yes, passwd is right choice, considering you have pam_ldap.so properly >>>> configured & yes passwd dont need ssl/tls to be configured. >>>> >>>> >>>> > Regards >>>> > >>>> > On Mon, Nov 12, 2012 at 11:27 PM, Arpit Tolani < >>>> arpittolani(a)gmail.com&gt; >>>> > wrote: >>>> >> >>>> >> Hello >>>> >> >>>> >> On Tue, Nov 13, 2012 at 12:33 AM, Ali Jawad <ali.jawad(a)splendor.net >>>> > >>>> >> wrote: >>>> >> > In that case I have a major overhaul that I need to complete, >>>> change >>>> >> > password is not working for me, my assumption is that it only >>>> works with >>>> >> > TLS >>>> >> > enabled between the client and the server, I have tried to get >>>> TLS to >>>> >> > run a >>>> >> > few times but could not get it to run so far. Am I right about the >>>> >> > assumption that I need encryption between the server and the >>>> clients for >>>> >> > password change to work ? >>>> >> > Regards >>>> >> > >>>> >> >>>> >> When using ldappasswd command, Yes ssl/tls is mandatory, Try >>>> changing >>>> >> password using ldapmodify, it doesnt required ssl/tls connection. >>>> >> >>>> >> > >>>> >> > On Mon, Nov 12, 2012 at 8:56 PM, Mark Reynolds < >>>> mareynol(a)redhat.com&gt; >>>> >> > wrote: >>>> >> >> >>>> >> >> Only "crypt" uses the first 8 characters, so any other scheme >>>> would be >>>> >> >> fine. After you change the scheme you will need to force all >>>> the users >>>> >> >> to >>>> >> >> change their passwords - otherwise their crypt passwords will >>>> still be >>>> >> >> present. >>>> >> >> >>>> >> >> >>>> >> >> >>>> >> >> On 11/12/2012 01:52 PM, Ali Jawad wrote: >>>> >> >> >>>> >> >> Hi All >>>> >> >> This is an all Linux environment with 389 being used as the sole >>>> >> >> authentication mechanism, I do believe I am using crypt, I am >>>> out of >>>> >> >> office >>>> >> >> right now, what should I use instead of crypt to match more >>>> characters >>>> >> >> ? >>>> >> >> Regards >>>> >> >> >>>> >> >> On Mon, Nov 12, 2012 at 7:02 PM, Mark Reynolds < >>>> mareynol(a)redhat.com&gt; >>>> >> >> wrote: >>>> >> >>> >>>> >> >>> Also what password storage scheme are you using? For example >>>> "crypt" >>>> >> >>> only checks the first 8 characters of a password. >>>> >> >>> >>>> >> >>> >>>> >> >>> On 11/12/2012 11:18 AM, Dan Lavu wrote: >>>> >> >>> >>>> >> >>> In regards to a password policy? Just 389 or are you using >>>> winsync >>>> >> >>> with >>>> >> >>> AD? Because the password policy from AD does not transfer over. >>>> Also >>>> >> >>> they >>>> >> >>> are some extra steps if you want to setup an OU based password >>>> policy >>>> >> >>> but if >>>> >> >>> you just do it for the entire directory through ‘configuration’ >>>> it >>>> >> >>> works >>>> >> >>> with no issues. >>>> >> >>> >>>> >> >>> Dan >>>> >> >>> >>>> >> >>> From: Ali Jawad <ali.jawad(a)splendor.net&gt; >>>> >> >>> Sent: November 12, 2012 6:00 AM >>>> >> >>> To: General discussion list for the 389 Directory server >>>> project. >>>> >> >>> Subject: [389-users] Password + anything works ? >>>> >> >>> >>>> >> >>> Hi >>>> >> >>> I just noticed that you can use the password+ANYLetters and it >>>> will >>>> >> >>> work, >>>> >> >>> I.e. if the password is xyz xyz99 or xyzABC will work as well, >>>> is this >>>> >> >>> a >>>> >> >>> misconfiguration on my part or a bug ? >>>> >> >>> Regards >>>> >> >>> >>>> >> >>>> >> Regards >>>> >> Arpit Tolani >>>> >> -- >>>> >> 389 users mailing list >>>> >> 389-users(a)lists.fedoraproject.org >>>> >> https://admin.fedoraproject.org/mailman/listinfo/389-users >>>> > >>>> > >>>> > >>>> > >>>> > -- >>>> > Ali Jawad >>>> > Information Systems Manager >>>> > CISSP - PMP - ITIL V3 - RHCE - VCP - C|EH - CCNA - MCSA >>>> > Splendor Telecom (www.splendor.net) >>>> > Beirut, Lebanon >>>> > Phone: +9611373725/ext 116 >>>> > FAX: +9611375554 >>>> > >>>> > >>>> > >>>> > -- >>>> > 389 users mailing list >>>> > 389-users(a)lists.fedoraproject.org >>>> > https://admin.fedoraproject.org/mailman/listinfo/389-users >>>> >>>> -- >>>> Regards >>>> Arpit Tolani >>>> -- >>>> 389 users mailing list >>>> 389-users(a)lists.fedoraproject.org >>>> https://admin.fedoraproject.org/mailman/listinfo/389-users >>>> >>> >>> >>> >>> -- >>> *Ali Jawad >>> * >>> *Information Systems Manager >>> CISSP - PMP - ITIL V3 - RHCE - VCP - C|EH - CCNA - MCSA >>> * >>> *Splendor Telecom (www.splendor.net) >>> Beirut, Lebanon >>> Phone: +9611373725/ext 116 >>> FAX: +9611375554 >>> >>> * >>> >>> >>> -- >>> 389 users mailing list >>> 389-users(a)lists.fedoraproject.org >>> https://admin.fedoraproject.org/mailman/listinfo/389-users >>> >> >> -- >> 389 users mailing list >> 389-users(a)lists.fedoraproject.org >> https://admin.fedoraproject.org/mailman/listinfo/389-users >> > > > > -- > *Ali Jawad > * > *Information Systems Manager > CISSP - PMP - ITIL V3 - RHCE - VCP - C|EH - CCNA - MCSA > * > *Splendor Telecom (www.splendor.net) > Beirut, Lebanon > Phone: +9611373725/ext 116 > FAX: +9611375554 > > * > > > -- > 389 users mailing list > 389-users(a)lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users > -- 389 users mailing list 389-users(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users