>>On 01/09/2017 at 10:23, Sebastian Perkins - Hoist Group - Switzerland wrote:
>>Hi everyone,
>>Hello Sebastian,

Hi Clément :D

>>There is a difference between a locked password and an expired password, you
>>can see it if you read the password policy draft.

Yes sorry, some vocabulary mix on my side, we are indeed talking about user password expiration, not lockout: no login is possible, but password can/has to be changed.

>>In your case, it seems you are talking about password expiration. It is
>>indeed managed by LDAP directory. You can find here a small script to send
>>reminder by email if you need one:
>>https://github.com/ltb-project/ldap-scripts/blob/master/checkLdapPwdExpiration.sh
>>There is also a PR to rewrite it in PHP:
>>https://github.com/ltb-project/self-service-password/pull/139

That's exactly the script I was referring to :D

>>If password is expired, user will not be able to change it (as old password
>>will be rejected). He can reset it by mail or SMS.

Nice! We send the mail for the user to enter the new password. I don't remember if the old password is proposed in this case? This is why password history is needed, as some "interesting people" enter the same password again and again... or maybe this is bad and we are doing it wrong?

>>Password history is next step discussion, I do remember an old thread to
>>directly extract the ldap policy info...
>>Yes, there is also a PR on this subject:
>>https://github.com/ltb-project/self-service-password/pull/101. It still needs
>>some work.

Great! For us this is the only "killer" feature missing versus the "interesting people" mentioned above. Anyway we can evaluate/help the code in test here?

--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux
137 boulevard de Magenta - 75010 PARIS
Blog: http://sflx.ca/coudot
_______________________________________________
ltb-users mailing list
[email protected]
https://lists.ltb-project.org/cgi-bin/mailman/listinfo/ltb-users
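The locked/expired distinction discussed in this thread, as an added example that is not part of the original messages and is not the LTB project's script. It assumes the operational attributes of the LDAP password policy draft (`pwdChangedTime`, `pwdAccountLockedTime`) and policy values `pwdMaxAge` and `pwdExpireWarning`; the entries, the policy values and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed policy values (seconds), as pwdMaxAge / pwdExpireWarning would hold them.
PWD_MAX_AGE = 90 * 86400
PWD_EXPIRE_WARNING = 14 * 86400

# Constructed sample entries, shaped like the result of an LDAP search that
# requested the password policy operational attributes.
SAMPLE_ENTRIES = [
    {"uid": "alice", "pwdChangedTime": "20170601080000Z"},
    {"uid": "bob", "pwdChangedTime": "20170610120000Z"},
    {"uid": "carol", "pwdChangedTime": "20170825090000Z",
     "pwdAccountLockedTime": "20170830101500Z"},
    {"uid": "dave", "pwdChangedTime": "20170828090000Z"},
]


def parse_generalized_time(value):
    """Parse an LDAP GeneralizedTime such as 20170601080000Z as UTC."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def password_state(entry, now, max_age=PWD_MAX_AGE, warning=PWD_EXPIRE_WARNING):
    """Return 'locked', 'expired', 'expiring' or 'ok' for one entry.

    Simplification (assumption): any pwdAccountLockedTime means locked, i.e.
    the lock does not lapse on its own (no pwdLockoutDuration handling).
    """
    if "pwdAccountLockedTime" in entry:
        return "locked"      # lockout: a different condition from expiration
    changed = entry.get("pwdChangedTime")
    if changed is None or max_age == 0:
        return "ok"          # never changed, or the policy sets no maximum age
    expires_at = parse_generalized_time(changed) + timedelta(seconds=max_age)
    if now >= expires_at:
        return "expired"     # old password is rejected: reset by mail or SMS
    if expires_at - now <= timedelta(seconds=warning):
        return "expiring"    # candidate for a reminder e-mail
    return "ok"


def classify(entries, now):
    """Map each uid to its password state at time `now`."""
    return {e["uid"]: password_state(e, now) for e in entries}


if __name__ == "__main__":
    now = datetime(2017, 9, 1, 10, 23, tzinfo=timezone.utc)  # constructed "now"
    for uid, state in classify(SAMPLE_ENTRIES, now).items():
        print(uid, state)
```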
