[Freeipa-devel] [PATCH] Rewrite pwpolicy plugin based on baseldap.py.
Pavel Zuna
pzuna at redhat.com
Tue Aug 4 15:23:08 UTC 2009
Rob Crittenden wrote:
> Pavel Zůna wrote:
>> Fix bugs: 510740, 510739, 510735, 510733, 510532
>>
>> Pavel
>
> A couple of issues with the max values. I checked DS and I think the
> maxes should shadow it.
>
> krbpwdhistorylength: 24
> krbpwdmindiffchars: 6
Ok, I picked most of the max values at random. I'm changing history length max
to 24, but I left mindiffchars at 5, because according to `man kpasswd` there's
only 5 different character classes.
>
> And I have some further questions for the team.
>
> Do we want to limit password validity to 1 year max? Do we need a limit
> at all other than maxInt?
>
> Is 30 big enough for a password?
>
> This doesn't seem to enforce that maxlife > minlife.
It does now. :)
> rob
>
Pavel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Rewrite-pwpolicy-plugin-based-on-baseldap.py.patch
Type: application/mbox
Size: 6256 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090804/6b51f76a/attachment.mbox>
More information about the Freeipa-devel
mailing list