[Date Prev][Date Next]
I use a OpenLDAP as a central accounting servers through the sshd
service and I use sudo also. All works like a charm.
However I wanto to use SLAPO_PPOLICY(5).
Well, I think I've implemented it correctly:
xen-ldap01:~# ldapsearch -x -b
# extended LDIF
# base <cn=DefaultPassword,ou=Policies,dc=company,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
# DefaultPassword, Policies, company.com
# search result
result: 0 Success
# numResponses: 2
# numEntries: 1
The main problem is I don't know how to ckeck it. I mean, when a user
connects to a machine (a box which is OpenLDAP client) using sshd, sshd
goes to OpenLDAP and query about the user and his password. But I don't
see anymore that the classical "Password:" prompt.
So ¿how can I check if ppolicy is really working? I want to test it,
changing the password for example or blocking a user who type wrong
their password for more tant 5 times.
I suspect a PAM issue (after all, the sshd service goes to LDAP using
PAM modules), but I'm not sure.
Jordi Espasa Clofent