Browse Source

Don't save password history on non-Kerberos accounts

While other password policies were properly ignored the password
history was always being saved if the global history size was
non-zero.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
master
Rob Crittenden Christian Heimes 11 months ago
parent
commit
8b7bb96b32
1 changed files with 2 additions and 2 deletions
  1. +2
    -2
      daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c

+ 2
- 2
daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c View File

@@ -888,8 +888,8 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg,
slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
"userPassword", data->password);

/* set password history */
if (data->policy.history_length > 0) {
/* set password history if a Kerberos object */
if (data->policy.history_length > 0 && is_krb) {
pwvals = ipapwd_setPasswordHistory(smods, data);
if (pwvals) {
slapi_mods_add_mod_values(smods, LDAP_MOD_REPLACE,


Loading…
Cancel
Save