Overview#

PwdHistory attribute holds a history of previously used passwords. Values of this attribute are transmitted in string format as given by the following ABNF:

pwdHistory = time "#" syntaxOID "#" length "#" data time = GeneralizedTime

syntaxOID = numericoid ; the string representation of the

• dotted-decimal OID that defines the
• syntax used to store the password.

length = number ; the number of octets in data.

data = <octets representing the password in the format specified by syntaxOID>.

This format allows the server to store, and transmit a history of passwords that have been used. In order for equality matching to function properly, the time field needs to adhere to a consistent format. For this purpose, the time field MUST be in GMT format.

PwdHistory is defined as

• OID of 1.3.6.1.4.1.42.2.27.8.1.20
• NAME PwdHistory
• DESC 'The history of user s passwords'
• EQUALITY octetStringMatch
• SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
• NO-USER-MODIFICATION
• USAGE DirectoryOperation

More Information#

There might be more information for this subject on one of the following:

• Draft-behera-ldap-password-policy
• DxPwdHistory
• Password History
• Password Policy State Information
• PasswordInHistory
• PasswordPolicyResponse
• PwdInHistory
• SCIM Password Management Extension