Tuesday, March 23, 2021

[389-users] Re: Password Upgrade on Bind modify

On 3/23/21 4:29 AM, Jan Tomasek wrote:

I've upgraded from older 389DS to and realized that server started upgrading hashing algorithm of userPassword it is fine, but it also moves forward passwordExpirationTime.

I know I can set

dn: cn=config
nsslapd-enable-upgrade-hash: off

to disable this feature.

Is there way how to only disable passwordExpirationTime updating and keep password hash upgrading enabled?

Not at the moment, and I suspect this side effect was overlooked during the development this feature.  I'm not sure if it will be easy to avoid password policy updates when this plugin updates the userpassword, but we should definitely look into it.  I'll file a ticket to investigate it.



_______________________________________________  389-users mailing list -- 389-users@lists.fedoraproject.org  To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org  Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/  List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines  List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org  Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure  
--     389 Directory Server Development Team

No comments:

Post a Comment