Hi folks,
I use OpenLDAP as a central accounting server through the sshd service, and I also use sudo. Everything works like a charm. However, I want to use SLAPO_PPOLICY(5).
Well, I think I've implemented it correctly:
    xen-ldap01:~# ldapsearch -x -b 'cn=DefaultPassword,ou=Policies,dc=company,dc=com'
    # extended LDIF
    #
    # LDAPv3
    # base <cn=DefaultPassword,ou=Policies,dc=company,dc=com> with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # DefaultPassword, Policies, company.com
    dn: cn=DefaultPassword,ou=Policies,dc=company,dc=com
    cn: DefaultPassword
    objectClass: top
    objectClass: device
    objectClass: pwdPolicy
    objectClass: pwdPolicyChecker
    pwdAttribute: userPassword
    pwdMinAge: 0
    pwdMaxAge: 15552000
    pwdExpireWarning: 604800
    pwdGraceAuthNLimit: 3
    pwdMinLength: 8
    pwdMaxFailure: 5
    pwdLockout: TRUE
    pwdInHistory: 5
    pwdAllowUserChange: TRUE
    pwdSafeModify: TRUE

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1
The main problem is that I don't know how to check it. I mean, when a user connects to a machine (a box which is an OpenLDAP client) using sshd, sshd goes to OpenLDAP and queries it about the user and his password. But I don't see any more than the classical "Password:" prompt.
So, how can I check whether ppolicy is really working? I want to test it, for example by changing the password or by blocking a user who types their password wrong more than 5 times.
I suspect a PAM issue (after all, the sshd service goes to LDAP using PAM modules), but I'm not sure.
Any clue?