Re: Plans for implementing ppolicy?
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: Plans for implementing ppolicy?
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: Plans for implementing ppolicy?
- Date: Tue, 11 Sep 2012 22:36:53 +0200
On Tue, 2012-09-11 at 11:39 -0600, Ryan Kish wrote:
> I have been working on improving my ldap setup for some time. On my
> list of action items is password aging and failed login attempt
> lockouts. Per the documentation, it's clear that this is not yet
> supported, and my testing seems to confirm that. (currently working on
> a standard ppolicy setup).
nss-pam-ldapd indeed currently doesn't support LDAP ppolicy. For
password ageing using the shadow attributes is recommended. Versions of
nss-pam-ldapd since 0.8.3 check shadow attributes always, before that
you would have to rely on pam_unix checking shadow attributes.
> my question is if/when there are plans to actually implement ppolicy
> in nslcd and the supporting libraries? If there is no plans, does
> anyone have pointers on work arounds I could attempt to achieve my
> goals?
If you're willing to implement this in nslcd I can assist. I've had a
look a little while back but only made a very small start. Some pointers
here:
http://lists.arthurdejong.org/nss-pam-ldapd-users/2012/msg00125.html
If anyone else has time to look at this now I would welcome patches for
it.
Thanks,
--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
