I am working (with RH via Dell support) to solve an issue (that I believe to be a pam_ldap issue). The problem is that the password policy control messaging does not occur when I set 'pam_password md5', thus the Linux client never knows that the password expires.
They have informed me that the password policy overlay in LDAP requires clear-text passwords, and will not handle the password policy stuff if the password is hashed. This makes no sense to me, since ppolicy is only handling expiry times, etc. and pam is handling the rest (length, strength, etc., prior to hash).
Does the ppolicy overlay require clear-text?
Thanks, Joe _________________________________________________________________ Hotmail: Trusted email with powerful SPAM protection. http://clk.atdmt.com/GBL/go/177141665/direct/01/