
Check ppolicy

Hi folks,

I use OpenLDAP as a central accounting server through the sshd service, and I also use sudo. All works like a charm.
However, I want to use SLAPO_PPOLICY(5).

Well, I think I've implemented it correctly:

xen-ldap01:~# ldapsearch -x -b 'cn=DefaultPassword,ou=Policies,dc=company,dc=com'
# extended LDIF
# LDAPv3
# base <cn=DefaultPassword,ou=Policies,dc=company,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL

# DefaultPassword, Policies, company.com
dn: cn=DefaultPassword,ou=Policies,dc=company,dc=com
cn: DefaultPassword
objectClass: top
objectClass: device
objectClass: pwdPolicy
objectClass: pwdPolicyChecker
pwdAttribute: userPassword
pwdMinAge: 0
pwdMaxAge: 15552000
pwdExpireWarning: 604800
pwdGraceAuthNLimit: 3
pwdMinLength: 8
pwdMaxFailure: 5
pwdLockout: TRUE
pwdInHistory: 5
pwdAllowUserChange: TRUE
pwdSafeModify: TRUE

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

The main problem is I don't know how to check it. I mean, when a user connects to a machine (a box which is an OpenLDAP client) using sshd, sshd goes to OpenLDAP and queries about the user and his password. But I don't see anything more than the classic "Password:" prompt.

So how can I check if ppolicy is really working? I want to test it, changing the password for example, or blocking a user who types their password wrong more than 5 times.

I suspect a PAM issue (after all, the sshd service goes to LDAP using PAM modules), but I'm not sure.

Any clue?

Jordi Espasa Clofent
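
Added example (not part of the original message): the ppolicy overlay records its state in operational attributes on the user entry (pwdChangedTime, pwdFailureTime, pwdAccountLockedTime), so reading those after a few failed binds shows whether the policy is being enforced, independent of what PAM displays. The sketch below evaluates such an entry against the policy values quoted in the post; the uid=jdoe entry, its timestamps and the helper names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Policy values copied from the cn=DefaultPassword entry in the post.
POLICY = {"pwdMaxAge": 15552000, "pwdExpireWarning": 604800,
          "pwdMaxFailure": 5, "pwdLockout": True}

# Constructed sample: operational attributes of a hypothetical user, as returned by
#   ldapsearch -x -D <admin dn> -W -s base -b <user dn> '+'
SAMPLE = """\
dn: uid=jdoe,ou=People,dc=company,dc=com
pwdChangedTime: 20240101000000Z
pwdFailureTime: 20240620090001Z
pwdFailureTime: 20240620090010Z
pwdFailureTime: 20240620090020Z
pwdFailureTime: 20240620090030Z
pwdFailureTime: 20240620090040Z
pwdAccountLockedTime: 20240620090040Z
"""

def parse_ldif(text):
    """Collect attribute -> [values] from one unfolded LDIF entry."""
    entry = {}
    for line in text.splitlines():
        if not line or line.startswith("#") or ": " not in line:
            continue
        attr, value = line.split(": ", 1)
        entry.setdefault(attr, []).append(value.strip())
    return entry

def gtime(value):
    """Parse an LDAP generalizedTime (fractional seconds are dropped)."""
    return datetime.strptime(value[:14], "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def ppolicy_state(entry, now, policy=POLICY):
    """Summarise what the overlay has recorded for one user entry."""
    failures = len(entry.get("pwdFailureTime", []))
    state = {"failures": failures, "at_limit": failures >= policy["pwdMaxFailure"],
             "locked": policy["pwdLockout"] and "pwdAccountLockedTime" in entry,
             "expires": None, "expired": False, "warn": False}
    if "pwdChangedTime" in entry and policy["pwdMaxAge"] > 0:
        expires = gtime(entry["pwdChangedTime"][0]) + timedelta(seconds=policy["pwdMaxAge"])
        left = (expires - now).total_seconds()
        state.update(expires=expires, expired=left <= 0,
                     warn=0 < left <= policy["pwdExpireWarning"])
    return state

if __name__ == "__main__":
    print(ppolicy_state(parse_ldif(SAMPLE), datetime(2024, 6, 25, 12, tzinfo=timezone.utc)))
```

If none of these attributes ever appear on a test account after password changes and failed binds, the overlay is not being applied to that entry. The quoted policy sets no pwdLockoutDuration, so a lock stays in place until an administrator resets it.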