[Date Prev][Date Next]
Re: Password expiration question (ppolicy and smbk5wpd interaction)
Pat Riehecky wrote:
Like many before me I would love to get the smbk5pwd module up and
running, but I have a question.
In OpenLDAP 2.4.7:
If I set a password expiration time up (with ppolicy), and the user's
password expires, does it lock the Heimdal, Samba, and ldap passwords?
No. The smbk5pwd overlay doesn't know about ppolicy, and vice versa. smbk5pwd
could be patched to look for the ppolicy expiration, of course.
On the flip side, if I set a password expiration time up (with
smbk5pwd), and the user's password expires, does it lock the Heimdal,
Samba, and ldap passwords?
Or perhaps more to the point, what can I do to keep all three of these
passwords either all valid or all expired at the same time?
Extend the smbk5pwd code to synchronize their different policy attributes, and
submit your patch to the ITS.
The documentation is a bit vague on this one point, and the archives
left me still in confusion.....
The documentation states exactly what the overlay will manage. Anything that
isn't described is clearly not going to be managed.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/