Howard Chu wrote:
michael@stroeder.com wrote:
michael@stroeder.com wrote:
I'd rather argue that for Samba 3 'sambaPwdLastSet' should be set.
Uumpf! This is already set. Sorry for the noise.
'shadowLastChange' is rather a POSIX account attribute which from my understanding is out-of-scope for slapo-smbk5pwd. Well, the scope could be extended...
But still it's the question whether we want to have this functionality for various password-related attributes all in one overlay or whether there should be distinct overlays for each account type (posixAccount/shadowAccount, sambaSAMAccount, Kerberos user).
shadowAccount is deprecated. LDAP ppolicy already provides a pwdChangedTime attribute.
While I agree that slapo-ppolicy is the better solution in the long run, I see no reason not to set both attributes at the server's side to make older LDAP clients happy.
Ultimately both Kerberos and Samba will just be using LDAP ppolicy.
Yes. But there is indeed a real need for a solution in the meantime...
Ciao, Michael.