[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-users] sync passwords with AD or not per user



Rich Megginson wrote:
On 06/07/2011 03:41 PM, Steven Jones wrote:
Hi,

For most users I will want to allow the same password in AD as in
freeipa....so a linux or windows desktop will work with a linux or
windows service.....but for some specific financial servers/services I
need a stricter password capability to meet our audit criteria.
In 389 you can set password policy on a per-user or per-subtree basis.
With a little extra work, you could probably get this working on a
per-group or per-role basis as well. This should apply to IPA as well,
depending on how they have implemented support for password policy.

We have per-group password policy but we don't use the 389-ds password policy engine. What I don't know is what happens if you set a lousy password in AD whether that gets replicated to IPA. Will it be rejected, accepted?

rob


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]