
Re: Check ppolicy



On Tuesday 16 June 2009 18:37:25 Jordi Espasa Clofent wrote:
> In OpenLDAP server I can see that ppolicy is working as expected:
>
> Jun 16 18:12:13 xen-ldapbeta slapd[1834]: ppolicy_bind: Setting warning
> for password expiry for uid=jespasac,ou=CAT,ou=Tecnic,dc=company,dc=com
> = 112 seconds
> Jun 16 18:13:12 xen-ldapbeta slapd[1834]: ppolicy_bind: Setting warning
> for password expiry for uid=jespasac,ou=CAT,ou=Tecnic,dc=company,dc=com
> = 53 seconds
> Jun 16 18:13:44 xen-ldapbeta slapd[1834]: ppolicy_bind: Setting warning
> for password expiry for uid=jespasac,ou=CAT,ou=Tecnic,dc=company,dc=com
> = 21 seconds
> Jun 16 18:13:59 xen-ldapbeta slapd[1834]: ppolicy_bind: Setting warning
> for password expiry for uid=jespasac,ou=CAT,ou=Tecnic,dc=company,dc=com
> = 6 seconds
> Jun 16 18:14:11 xen-ldapbeta slapd[1834]: ppolicy_bind: Entry
> uid=jespasac,ou=CAT,ou=Tecnic,dc=company,dc=com has an expired password:
> 0 grace logins
> Jun 16 18:14:19 xen-ldapbeta slapd[1834]: ppolicy_bind: Entry
> uid=jespasac,ou=CAT,ou=Tecnic,dc=company,dc=com has an expired password:
> 0 grace logins
> Jun 16 18:19:43 xen-ldapbeta slapd[1834]: ppolicy_bind: Entry
> uid=jespasac,ou=CAT,ou=Tecnic,dc=company,dc=com has an expired password:
> 0 grace logins

Have you set 'pam_lookup_policy yes' in pam_ldap's ldap.conf?

Are you using pam_ldap in the "account" lines of your PAM configuration?

>
> but I don't understand why in the client prompt I don't see these
> warnings. The only warning I see is when the password has already expired
> (setting up the 'pam_password_prohibit_message' in ldap.conf client side):
>
> You are required to change your LDAP password immediately.
> Please visit http://my_gui_to_change_password
> Old Password:
>
> Why can I see this message and not the expire time or grace login
> warnings?
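
The two client-side settings asked about in the reply (`pam_lookup_policy yes` in pam_ldap's ldap.conf, and pam_ldap on the PAM "account" lines) can be checked with a short script. This is an added example, not part of the original thread or of pam_ldap itself; the function names are hypothetical, the sample file contents are constructed, and `/etc/pam.d`-style PAM lines are assumed.

```python
import os

# Constructed sample files (not from the thread); /etc/pam.d-style syntax assumed.
BAD_LDAP_CONF = """\
uri ldap://ldap.example.com
base dc=company,dc=com
#pam_lookup_policy yes
pam_password_prohibit_message Please visit http://my_gui_to_change_password
"""
GOOD_LDAP_CONF = BAD_LDAP_CONF.replace("#pam_lookup_policy", "pam_lookup_policy")
BAD_PAM = """\
auth      sufficient  pam_ldap.so
auth      required    pam_unix.so use_first_pass
account   required    pam_unix.so
"""
GOOD_PAM = BAD_PAM + "account   [default=bad success=ok user_unknown=ignore]  pam_ldap.so\n"

def ldap_conf_options(text):
    """Return {lowercased key: value} for 'key value' lines, skipping # comments."""
    opts = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def account_uses_pam_ldap(pam_text):
    """True if any active 'account' line names pam_ldap.so as a module."""
    for line in pam_text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if len(tokens) >= 3 and tokens[0].lstrip("-").lower() == "account":
            if any(os.path.basename(t) == "pam_ldap.so" for t in tokens[1:]):
                return True
    return False

def check_client(ldap_conf_text, pam_text):
    """List which of the two settings asked about in the reply are missing."""
    findings = []
    if ldap_conf_options(ldap_conf_text).get("pam_lookup_policy", "").lower() != "yes":
        findings.append("ldap.conf: pam_lookup_policy is not set to yes")
    if not account_uses_pam_ldap(pam_text):
        findings.append("PAM: no 'account' line uses pam_ldap.so")
    return findings

if __name__ == "__main__":
    for name, conf, pam in (("bad", BAD_LDAP_CONF, BAD_PAM), ("good", GOOD_LDAP_CONF, GOOD_PAM)):
        print(name, check_client(conf, pam) or "both settings present")
```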