Univention Bugzilla – Bug 47884
Password security policy can be surpassed with password self-service
Last modified: 2018-09-28 15:39:34 CEST
The documentation should be more clear on the limits of the password self service. Taken from https://help.univention.com/t/change-password-self-service-component-password-check-not-working-correctly/9767/2 * It does mention that there are two authorities that use different sets of configuration options. That’s good. * It does not explicitly list which method of changing passwords involves which method (from the top of my head: UMC admin modules for managing users; UMC user module for changing own password; password self-service app; Windows clients; passwd tool on the command line; kpasswd tool on the command line; slappasswd tool on the command line; directly via LDAP calls on the OpenLDAP server; directly via LDAP calls on the Samba4 LDAP…). * It does not list all the ways those settings can be affected (again from the top of my head: UCR variables; Samba4 domain object in OpenLDAP; samba-tool domain passwordsettings …; group policies…) and how they interact. +++ This bug was initially created as a clone of Bug #47883 +++ Resetting the password via password self service does not use the password policy. Please see https://help.univention.com/t/change-password-self-service-component-password-check-not-working-correctly/9767