If a new local password policy is created without a passwordStorageScheme attribute, then the password history will not work. It seems, intuitively, like either the global storage scheme or the default storage scheme should apply to the local policy, rather than requiring a scheme to be explicitly set. Or, failing that, ns-newpwpolicy.pl should probably create a default passwordStorageScheme attribute.

Some comments from bug #553455:

--- Comment #5 from Nathan Kinder <nkinder> 2010-01-08 13:34:20 EDT ---

(In reply to comment #4)
> It seems, intuitively, like either the global storage scheme or the default
> storage scheme should apply to the local policy. If not, then
> ns-newpwpolicy.pl should probably create a default passwordStorageScheme
> attribute.

I tend to agree, though I am concerned about changing the behavior. We could make the storage scheme of the local policy inherit from the global policy if it is not set locally, but this would have the effect of changing the result of user's existing policies after an upgrade. It is probably unlikely that someone is depending on the current behaviour to enforce clear passwords without explicitly specifying the storage scheme, but we have no way of knowing for sure.

The ns-newpwpolicy.pl script could also be easily modified to add a default storage scheme, but we don't add any other policy values.

Perhaps the proper thing is to make the default storage scheme for a local policy SSHA when the "passwordStorageScheme" value is not set. This is in line with the way the global policy works.

--- Comment #6 from Rich Megginson <rmeggins> 2010-01-08 13:43:31 EDT ---

This has been a problem from day one - everyone intuitively expects the local password policy to inherit from the global password policy for fields that are not specified at the local level. I seriously doubt someone is relying on the existing behavior, fully understanding how it is supposed to work. But that is a separate issue - an enhancement request.
I think it could be made to work by changing new_passwdPolicy to simply copy the settings from the global policy when creating the local policy object.
*** Bug 554419 has been marked as a duplicate of this bug. ***
*** This bug has been marked as a duplicate of bug 190862 ***
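
Added example (not part of the bug report or the directory server's own code): a small audit that scans an LDIF export for local policy entries that enable password history but set no passwordStorageScheme, the condition this bug describes. The sample entries and DNs are constructed, and the objectClass value and the passwordHistory / passwordInHistory attribute names are assumptions about the server's password policy schema.

```python
# Constructed sample export: policy-a lacks passwordStorageScheme, policy-b sets it.
SAMPLE_LDIF = """\
dn: cn=policy-a,cn=nsPwPolicyContainer,ou=People,dc=example,dc=com
objectClass: top
objectClass: ldapsubentry
objectClass: passwordpolicy
passwordHistory: on
passwordInHistory: 6

dn: cn=policy-b,cn=nsPwPolicyContainer,ou=People,
 dc=example,dc=com
objectClass: top
objectClass: ldapsubentry
objectClass: passwordpolicy
passwordHistory: on
passwordInHistory: 6
passwordStorageScheme: SSHA
"""

def parse_ldif(text):
    """Parse plain (non-base64) LDIF into a list of {attr_lower: [values]} dicts."""
    entries, current, last = [], {}, None
    for line in text.splitlines() + [""]:
        if line.startswith("#"):
            continue
        if line.startswith(" ") and last:      # folded continuation of previous value
            current[last][-1] += line[1:]
        elif not line.strip():                 # blank line terminates an entry
            if current:
                entries.append(current)
            current, last = {}, None
        elif ":" in line:
            attr, _, value = line.partition(":")
            last = attr.strip().lower()
            current.setdefault(last, []).append(value.strip())
    return entries

def policies_missing_scheme(entries):
    """Return DNs of policy entries with history on and no storage scheme set."""
    flagged = []
    for e in entries:
        classes = {v.lower() for v in e.get("objectclass", [])}
        history_on = "on" in (v.lower() for v in e.get("passwordhistory", []))
        if "passwordpolicy" in classes and history_on and "passwordstoragescheme" not in e:
            flagged.append(e["dn"][0])
    return flagged

if __name__ == "__main__":
    for dn in policies_missing_scheme(parse_ldif(SAMPLE_LDIF)):
        print("no passwordStorageScheme:", dn)
```

Each flagged policy needs an explicit passwordStorageScheme (for example SSHA, the default suggested in comment #5) added to its entry.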