Hi!
The industry has an interest on providing short-lived product cycles, but in an enterprise environment five to 10 years are not uncommon. Also "new" products are usually full of new bugs, and it's not clear whether they are actually better than what had proved stable over many years. There are even rumors that people using vi are still alive 😉 SSSD has advantages when you are aiming towards MS-Windows IMHO, but (for example) the resource footprint is much larger than that of the old PAM or services method.
Currently we still need those for a few systems that aren't upgraded yet.
Kind regards, Ulrich Windl
-----Original Message----- From: OndÅ™ej KuznÃk ondra@mistotebe.net Sent: Tuesday, May 6, 2025 2:52 PM To: Windl, Ulrich u.windl@ukr.de Cc: Stefan Kania stefan@kania-online.de; openldap- technical@openldap.org Subject: [EXT] Re: Re: Re: changing password with otp active
On Tue, May 06, 2025 at 12:11:34PM +0000, Windl, Ulrich wrote:
that's correct for modern systems, but older systems may deal with the shadow attributes only.
SSSD et al.[0] have existed for well over a decade. Are there supportable systems that you can connect to an LDAP directory but can't use one of these tools on?
[0]. And even nslcd can interact with ppolicy.
-- OndÅ™ej KuznÃk Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP