Hi,

I use LTB Self Service Password to reset passwords via token (CentOS 6, Apache
2.2, PHP 5.5).

I use authentication on our AD server.

Users should follow some AD rules applicable when they change their AD
password (need to have lowercase, uppercase, etc.). On this point everything
works.

In our AD rules, a user can't reuse the same password. This works fine with
session authentication for Windows, Linux, etc.

But every user can reuse the same password when using LTB Self Service
Password.

I can always reuse the same password :( (and it's a real problem)


Any idea?
Regards.



This is my config.

# Active Directory mode
$ad_mode = true;
# Force account unlock when password is changed
$ad_options['force_unlock'] = false;
# Force user change password at next login
$ad_options['force_pwd_change'] = false;

# Samba mode
$samba_mode = false;

# Shadow options - require shadowAccount objectClass
$shadow_options['update_shadowLastChange'] = false;

# Hash mechanism for password:
$hash = "clear";

# Local password policy
# This is applied before directory password policy
# Minimal length
$pwd_min_length = 0;
# Maximal length
$pwd_max_length = 0;
# Minimal lower characters
$pwd_min_lower = 0;
# Minimal upper characters
$pwd_min_upper = 0;
# Minimal digit characters
$pwd_min_digit = 0;
# Minimal special characters
$pwd_min_special = 0;
# Definition of special characters
$pwd_special_chars = "^a-zA-Z0-9";
# Forbidden characters
#$pwd_forbidden_chars = "@%";
#$pwd_forbidden_chars = "%";
# Don't reuse the same password as currently
$pwd_no_reuse = true;
# Complexity: number of different class of character required
$pwd_complexity = 0;
# Show policy constraints message:
# always
# never
# onerror
$pwd_show_policy = "never";
# Position of password policy constraints message:
# above - the form
# below - the form
$pwd_show_policy_pos = "above";

# Who changes the password?
$who_change_password = "manager";

## Token
$use_tokens = true;
$crypt_tokens = false;
$token_lifetime = "3600";

# Encryption, decryption keyphrase
$keyphrase = "secret";

# Invalid characters in login
# Set at least "*()&|" to prevent LDAP injection
# If empty, only alphanumeric characters are accepted
$login_forbidden_chars = "*()&|";

## Default action
$default_action = "sendtoken";


ltb-users mailing list
http://lists.ltb-project.org/listinfo/ltb-users
