[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Check ppolicy


Have you set 'pam_lookup_policy yes' in pam_ldap's ldap.conf?


# cat /usr/local/etc/ldap.conf | grep pam_lookup
pam_lookup_policy yes

Are you using pam_ldap in the "account" lines of your PAM configuration?

Yes (if you refer to sshd, which is the service that I use with PAM to make the request in LDAP cluster).

# cat /etc/pam.d/sshd | grep account
# account
account         required        pam_nologin.so
#account        required        pam_krb5.so
account         required        pam_login_access.so
account         sufficient      /usr/local/lib/pam_ldap.so
account         required        pam_unix.so

In http://www.nabble.com/Re:-Password-expiry-warning-message-from-ppolicy-td8071732.html , Prakash Velayutham says:

"Wanted to give a heads up. I have found a solution to this one and it
was not pam_ldap. It was the OpenSSH on my system. I was running OpenSSH
4.1p1 and looks like this issue was fixed in 4.3p2 and higher. I got the
latest 4.5p2 and things are working now. I will test some more and
report back again soon. "

Effectively, I use FreeBSD 7.0 which is shipped with OpenSSH 4.5p1; but I've upgrade teh OpenSSH to 5.2p1 and I cannot see the warning messages yet.

Jordi Espasa Clofent