[Date Prev][Date Next]
Re: Best multi-password password changing setup
pwdutils should perform the exop for you, in addition to the
Make use of the chage command to maintain shadowMin, shadowMax,
shadowWarning and shadowExpire attributes, assuming your users
Update shadow expiry information when the passwd command is
executed (the passwd command from pwdutils).
That should help handle shell/PAM authentications.
That doesn't solve your situation with samba/kerberos
expirations, but you may be able to wrap passwd with a script and
update the appropriate attributes based on the existing shadow attrs.
- Dan White
Buchan Milne wrote:
On Thursday 11 October 2007 20:55:51 Dan White wrote:
You may want to investigate pwdutils:
The website it a little dated, but the software appears to be
more actively maintained at:
I don't see anything in the current version that would alleviate my problems.
Maybe I was not clear enough. I am not looking for a tool to just change an
LDAP password (I use ldappasswd for that currently, and it changes Samba
passwords too via the smbk5passwd overlay) or provision accounts to LDAP
etc. . I am looking for a solution to ensure that, whichever mechanisms I
decide to allow for password changes (e.g. LDAP password change exop), all
aspects related to the use of that password are updated consistently, for use
via simple binds, authentication via Samba/NTLM/MSCHAPv2, and Kerberos. At
present I see no means to accomplish this (at most you can get 2/3).
pwdutils seems mostly to be similar in function to what I am currently using
smbldap-tools for (but this function will probably be moved to some in-house