Borresen, John - 0444 - MITLL wrote: > If the userPassword was changed via command-line (such as via the passwd > command) the attribute pwdChangedTime does not get updated. If you really mean 'passwd' then it's entirely a matter of your PAM installation/configuration what it sends. > It is only > updated if the userPassword attribute is updated via either the ldapmodify > or, in our case, Apache Directory Studio "Edit Value". > > Is that how it should work? Of did I miss something else somewhere? Regarding LDAP the modify operation on 'userPassword' and the LDAP Password Modify Extended Operation (see RFC 3062) will make slapo-ppolicy intercept the request and set 'pwdChangedTime'. You have to configure whatever PAM client you're using to send appropriate LDAP requests. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature