On 2/14/19 8:19 AM, Derek Zhou wrote: > Tian Zhiying writes: >> Is there a feature that OpenLDAP password policy can forbidden user >> password reuse of the last 5 password?> > Better use kerberos for advanced password policy requirements. You can > use SASL to bridge LDAP's userPassword checking to a kerberos backend so > everything still work and much safer.
By which definition of "safe" is adding more complexity safer? Especially you don't know how the original poster does password changes. Maybe he wants to use ppolicy response controls etc. Ciao, Michael.
