Re: Configuring ppolicy problem

On 31/08/2012 21:39, cbulist wrote:

I did a test with your suggestion and now it is working when I change
the pwdMaxAge to some short time such as 15 seconds, but I don't receive any
message inviting me to change the password or any warning message for
expiration time.
I see the following message in debug mode:

uid=user1,ou=People,dc=sample,dc=com  has an expired password

I set the attributes in default Policies:

pwsGraceAuthNLimit: 2
pwdAllowUserChange: TRUE
pwdExpireWarning: 10
pwdLockout: TRUE
pwdMaxAge: 15
pwdMustChange: TRUE

In my ldap client I have set:
pam_lookup_policy yes

Do I have to change something in PAM?

No idea exactly.

You'd better test directly with basic LDAP clients, such as ldapsearch/ldappasswd, to understand how password policy works, and debug your PAM issues in a second step. BTW, pam_ldap has a dedicated mailing list that may give a better answer than this one.

Also, if you're only interested in password expiration for your Unix user account, you don't need server-side support (ppolicy); the historical shadow system should be enough (and probably simpler).

BOFH excuse #118:

the router thinks its a printer.
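
As an added example (not part of the original message, and not slapd's code), here is a simplified Python model of the bind-time expiry rules in the LDAP password policy draft, using the pwdMaxAge, pwdExpireWarning and grace-limit values from the post, with the grace attribute spelled `pwdGraceAuthNLimit` as in the schema. The function names are hypothetical, and lockout and pwdReset/pwdMustChange handling are left out. It shows which warning a ppolicy-aware client could read from the password policy response control at each password age.

```python
# Added example: simplified model of ppolicy bind-time decisions.
POLICY = {  # values from the post; attribute names as in the ppolicy schema
    "pwdMaxAge": 15,
    "pwdExpireWarning": 10,
    "pwdGraceAuthNLimit": 2,
}

def evaluate_bind(policy, age, grace_used):
    """Model a bind with the correct password.

    age        -- seconds since pwdChangedTime
    grace_used -- number of pwdGraceUseTime values already on the entry
    Returns (bind_ok, control); control holds what a ppolicy-aware client
    would read from the password policy response control.
    """
    max_age = policy.get("pwdMaxAge", 0)
    warn = policy.get("pwdExpireWarning", 0)
    grace_limit = policy.get("pwdGraceAuthNLimit", 0)

    if max_age == 0 or age <= max_age:
        control = {}
        remaining = max_age - age
        # Warning is only sent inside the last pwdExpireWarning seconds.
        if max_age and warn and remaining < warn:
            control["timeBeforeExpiration"] = remaining
        return True, control

    # Expired: each successful bind consumes one grace authentication.
    if grace_used < grace_limit:
        return True, {"graceAuthNsRemaining": grace_limit - grace_used - 1}
    return False, {"error": "passwordExpired"}

def timeline(policy, ages):
    """Replay binds at the given ages, tracking grace logins consumed."""
    grace_used, results = 0, []
    for age in ages:
        ok, control = evaluate_bind(policy, age, grace_used)
        if ok and "graceAuthNsRemaining" in control:
            grace_used += 1
        results.append((age, ok, control))
    return results

if __name__ == "__main__":
    for row in timeline(POLICY, [2, 8, 14, 20, 30, 40]):
        print(row)
```

With these values the warning is only returned between 5 and 15 seconds after the password change; after that, two binds succeed as grace logins and the third is refused.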