[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to force password change upon account creation

Arthur de Jong wrote:
> You should probably grant the user the right permissions to update the
> userPassword and shadowLastChange attributes.

Yes, the user should have write-only access to userPassword.

But if the user has write access to 'shadowLastChange' he could circumvent the
shadowAccount-based password policy. So this is bad advice.

Ciao, Michael.