Check ppolicy
Hi folks,
I use OpenLDAP as a central accounting server through the sshd
service, and I also use sudo. All works like a charm.
However, I want to use SLAPO_PPOLICY(5).
Well, I think I've implemented it correctly:
xen-ldap01:~# ldapsearch -x -b 'cn=DefaultPassword,ou=Policies,dc=company,dc=com'
# extended LDIF
#
# LDAPv3
# base <cn=DefaultPassword,ou=Policies,dc=company,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# DefaultPassword, Policies, company.com
dn: cn=DefaultPassword,ou=Policies,dc=company,dc=com
cn: DefaultPassword
objectClass: top
objectClass: device
objectClass: pwdPolicy
objectClass: pwdPolicyChecker
pwdAttribute: userPassword
pwdMinAge: 0
pwdMaxAge: 15552000
pwdExpireWarning: 604800
pwdGraceAuthNLimit: 3
pwdMinLength: 8
pwdMaxFailure: 5
pwdLockout: TRUE
pwdInHistory: 5
pwdAllowUserChange: TRUE
pwdSafeModify: TRUE
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
The main problem is I don't know how to check it. I mean, when a user
connects to a machine (a box which is an OpenLDAP client) using sshd, sshd
goes to OpenLDAP and queries about the user and his password. But I don't
see anymore that the classical "Password:" prompt.
So how can I check if ppolicy is really working? I want to test it,
changing the password for example, or blocking a user who types
their password wrong more than 5 times.
I suspect a PAM issue (after all, the sshd service goes to LDAP using
PAM modules), but I'm not sure.
Any clue?
--
Thanks,
Jordi Espasa Clofent
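
The policy entry above, read as a list of things to verify (an added example, not part of the original post or of OpenLDAP): it parses the attributes shown and states what each should make slapd do, following slapo-ppolicy(5), and flags settings that do less than they appear to. The function names are made up for this illustration.

```python
# Constructed input: the policy attributes exactly as printed in the post.
POLICY_LDIF = """\
dn: cn=DefaultPassword,ou=Policies,dc=company,dc=com
objectClass: pwdPolicy
pwdAttribute: userPassword
pwdMinAge: 0
pwdMaxAge: 15552000
pwdExpireWarning: 604800
pwdGraceAuthNLimit: 3
pwdMinLength: 8
pwdMaxFailure: 5
pwdLockout: TRUE
pwdInHistory: 5
pwdAllowUserChange: TRUE
pwdSafeModify: TRUE
"""

DAY = 86400  # ppolicy time values are expressed in seconds


def parse_entry(ldif):
    """Parse one unfolded LDIF entry into {lowercased attribute: first value}."""
    entry = {}
    for line in ldif.splitlines():
        if line.strip() and not line.startswith("#"):
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), value.strip())
    return entry


def build_plan(entry):
    """Return (checks, gaps): behaviour to verify, and settings that do less than they read."""
    def num(attr):  # absent attributes count as 0, the overlay's "disabled" value
        return int(entry.get(attr.lower(), 0))
    checks, gaps = [], []
    if entry.get("pwdlockout") == "TRUE" and num("pwdMaxFailure"):
        checks.append(f"{num('pwdMaxFailure')} failed binds set pwdAccountLockedTime on the user")
        if not num("pwdLockoutDuration"):
            gaps.append("no pwdLockoutDuration: a lock stays until an administrator resets it")
    if num("pwdMaxAge"):
        checks.append(f"password expires {num('pwdMaxAge') // DAY} days after pwdChangedTime")
        checks.append(f"expiry warning starts {num('pwdExpireWarning') // DAY} days before that")
        checks.append(f"{num('pwdGraceAuthNLimit')} binds are allowed with an expired password")
    if num("pwdInHistory"):
        checks.append(f"reusing any of the last {num('pwdInHistory')} passwords is rejected")
    if entry.get("pwdsafemodify") == "TRUE":
        checks.append("a password change that omits the old password is rejected")
    if num("pwdMinLength") and not num("pwdCheckQuality"):
        gaps.append("pwdMinLength without pwdCheckQuality: length is not checked")
    return checks, gaps


if __name__ == "__main__":
    checks, gaps = build_plan(parse_entry(POLICY_LDIF))
    print("\n".join(["VERIFY: " + c for c in checks] + ["GAP: " + g for g in gaps]))
```

pwdAccountLockedTime, pwdFailureTime and pwdChangedTime are operational attributes, so a search has to request them by name to see them on the user entry. Expiry warnings and remaining grace binds are carried in the password policy response control, which a client only receives if it asks for it.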