[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP and PAM: account is expired, but pam_ldap allows authentification

To: Konstantin Boyandin <temmokan@gmail.com>
Subject: Re: LDAP and PAM: account is expired, but pam_ldap allows authentification
From: Howard Chu <hyc@symas.com>
Date: Wed, 12 Jan 2011 23:30:56 -0800
Cc: openldap-technical@openldap.org
In-reply-to: <4D2EA696.4020705@gmail.com>
References: <4D2EA696.4020705@gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:2.0b8pre) Gecko/20101024 Firefox/4.0b8pre SeaMonkey/2.1b2pre

Konstantin Boyandin wrote:

Hello,

Could someone direct me to the source of wisdom to solve this: I have
set correctly the fields (attributes)

shadowExpire
shadowLastChange
shadowMin
shadowMax

to make the account expired (OpenLDAP used to run NT domain), but when I
ssh to a server using pam_ldap authentication, it is still allowed to login.

How pam_ldap should be instructed to take the expiration attributes ito
account?

Ask on a pam_ldap mailing list. pam_ldap is not a piece of OpenLDAP software,your question is off topic here.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- LDAP and PAM: account is expired, but pam_ldap allows authentification
  - From: Konstantin Boyandin <temmokan@gmail.com>

Prev by Date: Re: Problems importing ppolicy LDIF: LDAP_INVALID_SYNTAX
Next by Date: Re: LDAP and PAM: account is expired, but pam_ldap allows authentification
Index(es):
- Chronological
- Thread