
Re: ldap/pwd complexity and PAM?



On Sat, 15 Feb 2014 16:28:34 -0600 (CST),
Doug OLeary <dkoleary@olearycomputers.com> wrote:

> Hey;
> 
> Apparently, in my efforts to be brief, I didn't adequately outline
> the scenario.  Users need to be able to change their own passwords
> once their account is configured in ldap and assigned an initial
> password.  That's where pam comes in.  Obviously, if I (or the user)
> change a user's account via ldap commands, pam restrictions.
> 
> I just verified that a test user can change his password to anything
> he wants via ldappasswd (bad... but have to have access to the
> command).
> 
> I also verified that the pam configuration affects password selection
> when the user is trying to change the password via the passwd
> command. (got that working both locally and via ldap).
> 
> So, I got the answer to my question and raised a bunch more potential
> issues that I'll have to ponder.

It is not PAM but the name service switch nss which can be configured to
use ldap as credentials storage.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E