[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap/pwd complexity and PAM?

To: Howard Chu <hyc@symas.com>
Subject: Re: ldap/pwd complexity and PAM?
From: Doug OLeary <dkoleary@olearycomputers.com>
Date: Sat, 15 Feb 2014 16:28:34 -0600 (CST)
Cc: openldap-technical@openldap.org
In-reply-to: <52FFDC94.5030501@symas.com>
References: <alpine.LRH.2.03.1402151453200.21207@olearycomputers.com> <52FFDC94.5030501@symas.com>
User-agent: Alpine 2.03 (LRH 1266 2009-07-14)

Hey;

Apparently, in my efforts to be brief, I didn't adequately outline thescenario. Users need to be able to change their own passwords once theiraccount is configured in ldap and assigned an initial password. That's wherepam comes in. Obviously, if I (or the user) change a user's account via ldapcommands, pam restrictions.


I just verified that a test user can change his password to anything he wants
via ldappasswd (bad... but have to have access to the command).

I also verified that the pam configuration affects password selection

when the user is trying to change the password via the passwd command.(got that working both locally and via ldap).


So, I got the answer to my question and raised a bunch more potential issues
that I'll have to ponder.

Thanks for the reply.

Doug O'Leary
------------
Senior UNIX/Security Admin
CISSP, CISA, RHCSA, CEH
O'Leary Computers Inc
dkoleary@olearycomputers.com (w) 630-904-6098 (c) 630-248-2749
linkedin: http://www.linkedin.com/in/dkoleary
resume: http://www.olearycomputers.com/resume.html

Follow-Ups:
- Re: ldap/pwd complexity and PAM?
  - From: Dieter KlÃnter <dieter@dkluenter.de>

References:
- ldap/pwd complexity and PAM?
  - From: Doug OLeary <dkoleary@olearycomputers.com>
- Re: ldap/pwd complexity and PAM?
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: ldap/pwd complexity and PAM?
Next by Date: Re: ldap/pwd complexity and PAM?
Index(es):
- Chronological
- Thread