Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [password-policy]

70 questions
2
votes
2 answers

How can I randomize or stagger password expiration through Active Directory?

We are about to implement a new password policy that will require users to change their password every six months. We also need every user to change their password this week. I'd rather not create a biannual password-change-frenzy, and would prefer…
rtf
  • 884
  • 2
  • 16
  • 30
2
votes
1 answer

Setting fine-grained password policy on an OU - Windows Server 2008

I found this article: AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide really useful to set fine-grained password policies for a user or a Security Group. But I haven't found any way to do this at an OU level - at least not…
rbrayb
  • 1,098
  • 1
  • 12
  • 20
2
votes
1 answer

Changing domain password on DC fails regardless of complexity

I have a new Windows 2008 R2 Server (Standard, German). After installation from CD I enabled RDP Access, installed the Active Directory services and executed dcpromo. After reboot I log in via RDP as Domain Administrator and run Start -> Windows…
Roman
  • 372
  • 1
  • 7
  • 19
1
vote
1 answer

Give user's directory access to another user

Users are sharing their password. As you know, this is bad! The big reason why they do that is to allow a colleague to access theirs files when they are away. Yes, they can plan this in advance, but this is not always doable. I'm looking to find a…
Francis
  • 381
  • 2
  • 6
  • 17
1
vote
1 answer

Sudo: cannot setup user to avoid being asked for password

I run: sudo visudo and set this line for my user myuser ALL=(ALL) NOPASSWD: ALL however, I am still asked a password when I run a sudo command how can I setup the user so that the password is not asked? This is the full /etc/sudoers file: ##…
Daniele B
  • 357
  • 4
  • 14
1
vote
4 answers

Do password expiry rules reducing the security of the system?

The problem I regularly have a debate with my CTO which usually begins something like this ... CTO: My password expired, that should never happen. Me : It's a security risk to never expire passwords. CTO: It's a security risk to force passwords to…
War
  • 113
  • 7
1
vote
1 answer

How to increase time for password-protected screensaver

I run a network with server 2012 r2, I have users in active directory. The computers lock after 5 minutes of inactivity. Is there any way to extend the time to 1 hour?
New to Server 2016
  • 11
  • 1
1
vote
1 answer

Why isn't pwdReset automatically set when pwdMustChange is true?

Every other directory server, i.e. Oracle's will automatically set pwdReset to TRUE if pwdMustChange is defined in the policy: When a user's password is changed by another user, such as a password administrator, pwdReset is set to TRUE. On the…
user326892
  • 11
  • 2
1
vote
1 answer

Cannot enforce password change in OpenLDAP with Password Policy Overlay

I've implemented Password Policy Overlay on OpenLDAP on Debian Stable. The server side and the policies are working as expected. However, after expiration I cannot force users to change their passwords. User logs in, gets a message that their…
bayindirh
  • 624
  • 1
  • 5
  • 14
1
vote
1 answer

ldap ppolicy implementation for brute force prevention

I have an openldap server (with user passwords) open worldwide which I'm trying to secure. Step 1 was to limit access to data to authenticated users via ACLs. Step 2, to prevent brute force attacks, was to implement ppolicy. Seems to be working…
Oliver Henriot
  • 123
  • 2
  • 8
1
vote
1 answer

OpenLDAP pwdPolicySubentry for organizationalUnit

Can you set a pwdPolicySubentry for an organizationalUnit, so that all entries contained in that organizationalUnit follow that password policy?
Hank
  • 171
  • 1
  • 6
1
vote
2 answers

ppolicy with pam_ldap - pwdReset has no effect when logging in from Ubuntu

We installed ppolicy overlay on our ldap server. Password policies work correctly for locking out user after X incorrect password attempts, but we can't enforce user to change his password. When we set pwdReset=TRUE attribute for a user - user can…
Dima L.
  • 121
  • 6
1
vote
1 answer

Changing Password expiry date for limited users in Domain

I have 50 users in my domain. But i have to set password expiry days for 90 for only 10 users. How can i do it. How can this be done without affecting any other users Password Policy.
Vinay
  • 13
  • 3
1
vote
0 answers

PAM module configuration, ssh failure in Debian

I want to set password policies for users on a Debian VM, like minlen and special char required for the password. In my Debian VM I get an error and can´t log in again via SSH to that machine. OS Version: Debian Bullseye 11 Kernel Version: Linux…
nemo
  • 11
  • 3
1
vote
2 answers

Password history in Active Directory

We are considering enabling "Enforce password history" on our Active Directory, the password is now maintained by another IAM system, but we are looking into changing it to AD/AAD. Users has been changing passwords for years now in a different…
Raymond A.
  • 111
  • 2
1 2
3
4 5