[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Updating ShadowLastChange with slurpd

> I have forced password expiration on first login by setting
> ShadowLastChange to 0.
> If a user logs in for the first time to any LDAP client machine or to the
> master itself, they're prompted to change their password immediately and
> the password gets updated immediately.

There was a bug in PAM/NSS LDAP where the shadow attributes were
attempted on a seperate anonymous bind, rather than the authenticated
bind.  This was fixed awhile ago, but what is you version of PAM/NSS?