They are stored as the old password in the passwordHistory operational attribute, like so:
As to maximum number of similar characters, I have no idea.
On Mar 29, 2011, at 11:43 AM, Michael R. Gettes wrote:
> I am trying to locate the details regarding the Password History Policies and Maximum Number of Similar Characters for both the Sun IDM and Oracle IDM products. In particular, I am interested in knowing how the information regarding previous passwords are stored. Are there any conditions under which the value of the previous passwords are stored (plain text, encrypted, reversible, hashed, etc) and are there any risks of exposure? If you have any of these details, please send either directly to me or to the list. And yes, I have read the docs but they only appear to indicate how to enable these functions and their behaviors and not the details I am seeking. I have inquired with SunOracle and awaiting a response... but I figured I would ask the true oracle of the net - the community using these and other products.