[Fedora-directory-users] Previous password still works?
Richard Megginson
rmeggins at redhat.com
Thu Apr 26 19:39:09 UTC 2007
Chris Halstead wrote:
> Hi folks,
>
> I've been googling 'til my eyes bleed but I can't find anything on this.
>
> We're using FDS 1.0.2 and I recently used the admin console (logged in
> as myself, not as the admin account) to change my personal account
> password. The new password worked, so far so good. The problem is
> that my *old* password still worked as well. Everywhere. Login
> through PAM, login to the FDS admin console, you name it.
So, both old and new password work everywhere? pam too? Have you tried
the command line ldapsearch?
>
> After doing some testing I've found that if I change my password
> logged in as myself the old password will still work, yet if I change
> it logged in with our admin user account only the new one works. What
> am I missing?
>
> I was planning on putting together a web-form for user password
> changes (using the user's credentials to bind), but if user password
> changes won't invalidate old passwords I'm going to have to change my
> approach.
>
> -chris
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20070426/861edf9d/attachment.bin>
More information about the Fedora-directory-users
mailing list