Red Hat Bugzilla – Bug 554419
Local password policies should inherit settings from the global policy
Last modified: 2015-01-04 18:41:03 EST
The fact that local password policies do not inherit settings from the global policy has caused quite a bit of confusion. Ideally, a password policy setting not defined at the local policy level would cause the global value for that setting to be used. This allows one to create a local password policy to simply override a few attributes from the global policy instead of having to duplicate much of the global policy to get the same result.
This feature should be relatively easy to implement by changing the new_passwdPolicy() function to duplicate the global policy struct before filling in the local settings. This function currently just uses calloc() to create an empty struct prior to loading the local policy values.