[Date Prev][Date Next]
Re: pwdMustChange and pwdExpireWarning
- To: Buchan Milne <firstname.lastname@example.org>
- Subject: Re: pwdMustChange and pwdExpireWarning
- From: Wei Gao <email@example.com>
- Date: Mon, 16 Aug 2010 18:02:41 -0400
- Cc: firstname.lastname@example.org
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=X42mpWpVXYvPknuPykmyTg8htCWAWxi2R5cCIPYj1Nw=; b=vpISRahof4Rr2zpVRG4+UGN/MH6sSCC8znpykPPHrklaPbqfpdn3DF0M7bsHTv0VFY bf2z6PhWkdhyEO6WPMxm97c6KGPxc4qTtJXL7cMCOft0XOP/T+y5Y6EY85ZxEEm+agLC SfPaWY3HMhOho20FKqp/9b5OHd0629n1uW7b8=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=w4kx0cBP5WtRCOVnBeIWEqxQhtA2L8hZix34w854olOi7o3auDKcjWmjTu1BLkPO7U 0XYrXw2ypOTTVEjoqiBQwy0p84h8WX65P59mUm+5iYPj9Ym01gRz8d9ggjqjumOC2vAq y3pIYNVjZhNr+rCrHTeR8VittIfe5kmMWMJ7I=
- In-reply-to: <email@example.com>
- References: <AANLkTinWJiXJ=DUd0h4Bpg+cR+k=_3TGdonK6nea1MTt@mail.gmail.com> <firstname.lastname@example.org>
I set pwdReset manually and it worked. Thank you.
For my issue regarding pwdExpireWarning not displaying warning message when I ssh into my systems, I still can't figure out what I did wrong. Here is my default policy:
pwdMaxAge works perfectly and so does every other attribute, except pwdExpireWarning. pwdExpireWarning is the only one I am having issues now. Not sure what I did wrong. Do you need to know any other details? Thank you very much for taking your time to help me.
On Mon, Aug 16, 2010 at 11:12 AM, Buchan Milne <email@example.com>
On Thursday, 12 August 2010 21:47:18 Wei Gao wrote:No.
> I have pwdMustChange set to true in my default ppolicy. I tried to change a
> user's password EITHER as Manager on LDAP server OR via the following
> command on my LDAP server
> ldappasswd -x -D "cn=Manager,dc=example,dc=company" -W -S
> Since I have pwdMustChange set to true, the user should be required to
> change his password when he tries to log in next time.
You currently have to set pwdReset manually. I don't see any documentation
> But the system
> doesn't prompt the user to change his password. And when I ran slapcat -a
> '(uid=user1)', I saw most Operational Attributes except pwdReset.
that indicates that pwdReset should automatically be set when the password is
changed in a specific way.
Misconfigured PAM stack probably (authorization, IOW account lines). There have
> All my
> settings seem to be correct. I couldn't figure out what is wrong here.
> One other question I have is: In my default ppolicy, I have
> pwdExpireWarning set to 1209600 (14 days). My current password is going to
> expire in 12 days, how come I don't see a warning message when I ssh to my
been previous solutions in previous threads on this topic, and without any
details of your system it isn't possible to assist further.