On 31/08/2012 21:39, cbulist wrote:
> Guillaume,
>
> I did a test with your suggestion and now it is working when I change
> the pwdMaxAge to some short time such as 15 seconds, but I don't receive any
> message inviting me to change the password or any warning message for
> expiration time.
>
> I see the following message in debug mode:
>
> uid=user1,ou=People,dc=sample,dc=com has an expired password
>
> I set the attributes in default Policies:
>
> pwsGraceAuthNLimit: 2
> pwdAllowUserChange: TRUE
> pwdExpireWarning: 10
> pwdLockout: TRUE
> pwdMaxAge: 15
> pwdMustChange: TRUE
>
> In my ldap client I have set:
>
> pam_lookup_policy yes
>
> Do I have to change something in PAM?

No idea exactly.
You'd better test directly with basic ldap clients, such as
ldapsearch/ldappasswd, to understand how password policy works. And debug
your pam issues in a second step. BTW, pam_ldap has a dedicated mailing
list that may give a better answer than this one.
Also, if you're only interested in password expiration for your unix
user account, you don't need server-side support (ppolicy), the
historical shadow system should be enough (and probably simpler).
--
BOFH excuse #118:
the router thinks its a printer.
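
Following the suggestion above to understand the password policy before debugging PAM, this added example (not from either poster, and not OpenLDAP's code) models the expiry part of a bind decision for the values posted in the thread. The function name `ppolicy_bind_state`, its parameters and the returned dictionary keys are assumptions made for illustration, and the logic is a simplified model of the password policy draft's expiry rules.

```python
from datetime import datetime, timedelta, timezone

# Values from the policy posted in the thread (seconds / counts).
# The post spells the grace attribute "pwsGraceAuthNLimit"; the ppolicy
# schema attribute is pwdGraceAuthNLimit, which is the name used here.
POLICY = {"pwdMaxAge": 15, "pwdExpireWarning": 10, "pwdGraceAuthNLimit": 2}


def ppolicy_bind_state(changed, now, grace_used, policy=POLICY,
                       client_sent_control=True):
    """Simplified model of how password age affects a bind.

    changed    -- time of the last password change (pwdChangedTime)
    grace_used -- grace binds already consumed (count of pwdGraceUseTime)
    Returns (bind_allowed, response_control). response_control is None when
    the client did not send the password policy request control: warnings
    and grace counts travel only in the matching response control.
    Exact boundary handling (age == pwdMaxAge) is left to the server.
    """
    max_age = policy.get("pwdMaxAge", 0)
    warn = policy.get("pwdExpireWarning", 0)
    grace_limit = policy.get("pwdGraceAuthNLimit", 0)
    allowed, ctrl = True, {}
    if max_age > 0:  # 0 or absent means passwords never expire
        remaining = max_age - int((now - changed).total_seconds())
        if remaining <= 0:
            # Expired: only grace binds are left, then the bind is refused.
            left = grace_limit - grace_used
            if left > 0:
                # Model assumption: report the count left after this bind.
                ctrl["graceAuthNsRemaining"] = left - 1
            else:
                allowed, ctrl["error"] = False, "passwordExpired"
        elif warn > 0 and remaining <= warn:
            ctrl["timeBeforeExpiration"] = remaining
    return allowed, (ctrl if client_sent_control else None)


if __name__ == "__main__":
    t0 = datetime(2012, 8, 31, 21, 0, 0, tzinfo=timezone.utc)  # constructed
    for secs, used in [(3, 0), (8, 0), (20, 0), (20, 1), (20, 2)]:
        now = t0 + timedelta(seconds=secs)
        print(secs, used, ppolicy_bind_state(t0, now, used))
```

With `pwdMaxAge: 15` and `pwdExpireWarning: 10`, the model shows a warning window of only about ten seconds, and a client that does not request the control sees neither the warning nor the grace count.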