RSS feed

Re: Plans for implementing ppolicy?

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Plans for implementing ppolicy?

On Tue, 2012-09-11 at 11:39 -0600, Ryan Kish wrote:
> I have been working on improving my ldap setup for some time. On my
> list of action items is password aging and failed login attempt
> lockouts. Per the documentation, it's clear that this is not yet
> supported, and my testing seems to confirm that. (currently working on
> a standard ppolicy setup).

nss-pam-ldapd indeed currently doesn't support LDAP ppolicy. For
password ageing using the shadow attributes is recommended. Versions of
nss-pam-ldapd since 0.8.3 check shadow attributes always, before that
you would have to rely on pam_unix checking shadow attributes.

> my question is if/when there are plans to actually implement ppolicy
> in nslcd and the supporting libraries?  If there is no plans, does
> anyone have pointers on work arounds I could attempt to achieve my
> goals?

If you're willing to implement this in nslcd I can assist. I've had a
look a little while back but only made a very small start. Some pointers
If anyone else has time to look at this now I would welcome patches for


-- arthur - - --
To unsubscribe send an email to or see