RE: Expired password allowed in via pwdGraceAuthNLimit w/o warning to user

[Joe Friedeggs <friedeggs44@hotmail.com>]

> From the previous post, we can see the expiration messages and grace period
> messages when using ldapwhoami with -e ppolicy.
>
> If I look for those expiration messages, I see they are coming from the
> executable ldapwhoami.
>
> I find some expiration messages in sshd, but nothing with grace period messages
> other than "Invalid login grace time" and nothing from telnetd which is not
> all that surprising given it's age.
>
> Can I assume from this that we need a newer sshd component in order to see these
> grace period messages ?
>
> Al
>

I had a similar issue.  Setting

pam_password exop

in ldap.conf on the Linux client resolved the issue (not sure why).  

Thanks,
Joe


 		 	   		  
_________________________________________________________________
The New Busy is not the too busy. Combine all your e-mail accounts with Hotmail.
http://www.windowslive.com/campaign/thenewbusy?tile=multiaccount&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_4