lists.arthurdejong.org

Re: Openldap and shadowMax Problem


On Fri, 2012-09-14 at 13:30 -0500, cbulist wrote:
> I have set a user with ShadowMax to 15 in order to get an expiration
> warning but it doesn't work and the client gets logged in. (I'm not using
> Password Policy)
> I read some posts and they refer to pam_ldap.conf on the client, but
> I do not see any option about it.

There are actually two components that can enforce the shadow
properties. First is pam_unix which does this if nsswitch exposes shadow
information from LDAP (getent shadow <user> as root returns something
and getent passwd <user> returns "x" as a password). The second is
pam_ldap.

I think PADL's pam_ldap supports the shadowMax property. nss-pam-ldapd
supports it since 0.8.3.

The above depends on the details of your PAM stack and your
configuration. Posting information on nsswitch.conf, nslcd.conf (if
using nss-pam-ldapd) and your PAM configuration would be helpful.

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
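
The pam_unix precondition described in the reply above (a shadow entry visible through nsswitch, and "x" in the passwd password field), as an added diagnostic sketch that is not part of the original message or of nss-pam-ldapd. The function name `shadow_verdict` and its verdict strings are hypothetical, and the age comparison is a simplified approximation of the max-age and warning checks that ignores the inactive and expire fields.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original thread).
#
# shadow_verdict PASSWD_LINE SHADOW_LINE TODAY
#   PASSWD_LINE  output of: getent passwd <user>
#   SHADOW_LINE  output of: getent shadow <user>  (run as root; may be empty)
#   TODAY        current date in days since 1970-01-01
# Live use, as root:
#   shadow_verdict "$(getent passwd USER)" "$(getent shadow USER)" \
#       "$(( $(date +%s) / 86400 ))"
shadow_verdict() {
    passwd_line=$1 shadow_line=$2 today=$3

    # No shadow entry exposed through nsswitch: pam_unix has nothing to enforce.
    [ -n "$shadow_line" ] || { echo "no-shadow-entry"; return 0; }

    # Second condition from the reply: passwd must return "x" as the password.
    pw=$(printf '%s\n' "$passwd_line" | cut -d: -f2)
    [ "$pw" = "x" ] || { echo "passwd-not-x"; return 0; }

    # shadow(5) fields: 3 = last change, 5 = maximum age, 6 = warning period.
    lastchg=$(printf '%s\n' "$shadow_line" | cut -d: -f3)
    max=$(printf '%s\n' "$shadow_line" | cut -d: -f5)
    warn=$(printf '%s\n' "$shadow_line" | cut -d: -f6)

    # Without numeric last-change and maximum-age values there is no expiry.
    case "$lastchg:$max" in
        :*|*:|*[!0-9:]*) echo "no-max-age"; return 0 ;;
    esac
    # A missing or non-numeric warning period is treated as zero days.
    case "$warn" in ''|*[!0-9]*) warn=0 ;; esac

    age=$((today - lastchg))
    if [ "$age" -gt "$max" ]; then
        echo "expired"          # password older than the maximum age
    elif [ "$age" -gt $((max - warn)) ]; then
        echo "warning"          # inside the warning window before expiry
    else
        echo "ok"
    fi
}
```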