No worries Shawn... there was a similar reaction within the development team too. We didn't get far enough with the password policy engine in 5.2. In retrospect, I should have pushed it further during the beta.
The developer document that you referenced is a bit old since much of that was implemented in 5.2 (the ldapsetup command will do all the work). That command will work, but it's not fully baked yet.
I run into a problem when on the app server I try to add a service to a user (or change any information). I get an error that says "Strong(er) authentication required."
You won't be able to manage users from the replicate system. You have to update information on the master.
You should know that per-account password policies will be added in a future release. Before we can implement this level of detail, we need to improve the user/group plugin infrastructure in ClearOS. What do I mean by this? Any new "user aware" application may have its own set of user preferences.
- Drive letter for Samba shares
- Roaming profiles for primary domain users
- Static IP address for PPTP VPN users
- Extension number for VoIP/PBX accounts
- etc.
The password policy engine will fall into this same framework. The framework will exist in ClearOS 6.0. After that, it will be a matter of implementing the necessary bits for per-account password policies.
The patch has been applied in ClearOS 5.2, but it is still called version 0.11 in the l7-filter output. We're planning on doing an official l7-filter 0.12 release in the coming weeks. Here is the announcement.
There are 3 other patches in l7-filter to be included in 0.12, but those patches are not in ClearOS 5.2. In ClearOS 5.2, it's 0.11+threading_patch.