On 23/09/2011 13:20, Howard Chu wrote:
Not a major shortcoming. If you're actually using LDAP then you should set expiration using ppolicy and not using shadow attributes at all.
Did this solve problems with current nslcd, libnss-ldapd, libpam-ldapd packages on Debian Stable and Ubuntu LTS? I was not aware of this.
Anyway I have more than 80 server in schools, with hundred of students registered in each one. When they where created 6 years ago ppolicy was not an option.
I prefer to install a patched slapd-smbk5passwd package on each server and have a consistent managament of the actual information than reworking the data in each database and make changes in about 2500 client configurations.
Ppolicy could be the future, but I have to deal with the present and the past.
Simone