I am using SSP against a Samba4 domain. I have set up the following password requirements in Samba4 (using samba-tool)
Password complexity: off Store plaintext passwords: off Password history length: 24 Minimum password length: 12 Minimum password age (days): 30 Maximum password age (days): 210 Account lockout duration (mins): 30 Account lockout threshold (attempts): 10 Reset account lockout after (mins): 30 in SSP I have set up the following password requirements Minimum length: 12 Minimum number of different classes of characters (IE: upper, lower, numeric, special): 3 Forbidden characters: @%$ Your new password may not be the same as your old password Your new password may not be the same as your login I set the minimum password age to 30 days in the hopes that it would prevent someone from flip flopping passwords. IE changing their password twice in a row to get around actually having to use a new password ever. Like this old password = 'My super great password!" new password = 'My new super great password!' old password = 'My new super great password!' new password = 'My super great password!' Unfortunately I was able to flip flop passwords without issue, even though I have the Min password age set to 30 in Samba4. I am debating building a bit into the PHP of SSP which will document when a user changes their password, and then not allow them to change it again thru SSP until at least 30 days have passed. If there is a better/easier/builtin way, I'd love to hear about it! Any suggestions/help would be greatly appreciated! -- *Taylor Hammerling* | *IT Manager* 2800 Laura Lane | Middleton, WI 53562 *O *(608) 669-9070 *| C *(608) 512-7849 tcsbasys.com | ubiquistat.com
_______________________________________________ ltb-users mailing list [email protected] https://lists.ltb-project.org/cgi-bin/mailman/listinfo/ltb-users
