We recently discovered that some of our users can pad their login passwords with additional characters and still get authenticated by our 389DS. Our server was migrated from another server and we didn't set anything as far as password requirements in the 389DS because we didn't want to end up locking any migrated users out. Would the default settings for 389DS have a max number of characters that it looks at/returns, so that when these users are logging in and padding their passwords, it doesn't matter because it is only using the first 8 characters or something?
We also found that after a user has changed their password using our password change program, which does enforce password rules, they are no longer able to pad their passwords.

Thanks for any insight - EJ

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users