ppolicy module should be used to enforce ubuntu's default password policy

Bug #121337 reported by Rick Clark on 2007-06-20
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openldap (Ubuntu)

Bug Description

Binary package hint: slapd

The ppolicy module should be used to enforce ubuntu's default policy of min=4 max=8 set in the pam configs. The openldap module and schema are already included in the slapd package, there is just configuration work that needs to be done.

If this was deemed necessary to enforce in pam it should be enforced in openldap as well.

This is in openldap2.3-2.3.30

Rick Clark (dendrobates) wrote :

I am using this bug as a training exercise and will fix it myself.

PaulSchulz (paulschulz) wrote :

Is this where openldap is serving as an authentication source for pam?

Rick Clark (dendrobates) wrote :

Yes. this would enforce the password policy regardless of the method used to change it. Currently, it would be possible to do a ldap_modify to change your password to a 1 character password that would let you authenticate to any clients, including pam_ldap.

I plan on fixing this in gutsy.

Rick Clark (dendrobates) on 2007-06-20
Changed in openldap2.3:
assignee: nobody → dendrobates
Loye Young (loyeyoung) wrote :

On servers, I think it's essential to have strong passwords. I usually change the default policy on my builds to require complex passwords longer than 8 characters. What I would really like is for openldap and/or pam ask for permission to enforce password complexity and migrate that setting throughout.

Loye Young
Laredo, Texas

Rick Clark (dendrobates) on 2007-06-28
Changed in openldap2.3:
importance: Undecided → Wishlist
status: New → Confirmed
Mathias Gug (mathiaz) on 2009-03-10
Changed in openldap:
status: Confirmed → Triaged
assignee: dendrobates → nobody
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers