[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to force password change upon account creation

On 12/27/12 14:24 -0600, Kyle@TheHarrisHome.com wrote:
Hi Dan,

Thank you for your response.  I am using CentOS 6.3, OpenLDAP 2.4 and sssd
1.8 as the pam module.  Hope that helps as I still can't quite figure it
out, and thank you again.

You should see if sssd contains the logic to make use of the ppolicy
related attributes. If not, you should configure the appropriate
shadowAccount attributes instead.

-----Original Message-----
From: Dan White [mailto:dwhite@olp.net]
Sent: Sunday, December 23, 2012 6:43 PM
To: Kyle Harris
Cc: openldap-technical@openldap.org
Subject: Re: How to force password change upon account creation

On 12/23/12 17:33 -0600, Kyle Harris wrote:
Hello All,

I have a perl script that allows for the creation of new accounts in
OpenLDAP.  I am attempting to find a way to force the newly created
user to change his or her password upon first login.  I tried setting
the attribute pwdMustChange to TRUE but that attribute must not be
definable upon user creation.  So, how can this be accomplished so that
a new user is forced to change passwords after they first log on?

By 'log in' I assume you're asking about shell access to your system, which
makes use of an ldap pam module to authenticate users. If so, the function
of prompting users to change their password will be handled by that piece of
software, and you should consult the documentation distributed with it.

If that's not the case, please clarify your authentication scenario.

Dan White