Re: Plans for implementing ppolicy?
- From: Ryan Steele <ryans [at] aweber.com>
- To: Arthur de Jong <arthur [at] arthurdejong.org>
- Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: Plans for implementing ppolicy?
- Date: Wed, 12 Sep 2012 08:50:00 -0400
FWIW, I still use an older version of nss-pam-ldapd on some of my Ubuntu
systems (package version 0.7.6-1 on Hardy & Lucid, which includes a few
backported changes, but certainly not as new as 0.8.3) w/ ppolicy, and it
works just fine in terms of locking out users for password expiry, failed
consecutive logins, and so on. Maybe I'm not understanding the issue you are
dealing with clearly? We also have some newer systems that use nssov (which
uses nss-ldapd under the hood) if it's an option for you - we've gotten our
desired results from that setup as well.
Arthur de Jong wrote:
> On Tue, 2012-09-11 at 11:39 -0600, Ryan Kish wrote:
>> I have been working on improving my ldap setup for some time. On my
>> list of action items is password aging and failed login attempt
>> lockouts. Per the documentation, it's clear that this is not yet
>> supported, and my testing seems to confirm that. (currently working on
>> a standard ppolicy setup).
>
> nss-pam-ldapd indeed currently doesn't support LDAP ppolicy. For
> password ageing, using the shadow attributes is recommended. Versions of
> nss-pam-ldapd since 0.8.3 check shadow attributes always, before that
> you would have to rely on pam_unix checking shadow attributes.
>
>> My question is if/when there are plans to actually implement ppolicy
>> in nslcd and the supporting libraries? If there are no plans, does
>> anyone have pointers on workarounds I could attempt to achieve my
>> goals?
>
> If you're willing to implement this in nslcd I can assist. I've had a
> look a little while back but only made a very small start. Some pointers
> here:
> http://lists.arthurdejong.org/nss-pam-ldapd-users/2012/msg00125.html
> If anyone else has time to look at this now I would welcome patches for
> it.
>
> Thanks,
>
>
--
Ryan Steele ryans@aweber.com
Systems Administrator +1 215-825-2196 x758
AWeber Communications http://www.aweber.com
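
The shadow-attribute password ageing recommended in the quoted reply, shown as an added example that is not part of this thread and is not nslcd's or pam_unix's own code: a Python sketch that classifies an account from its shadowAccount attributes. The attribute names are the standard RFC 2307 ones; the function names, status strings, boundary comparisons and sample values are assumptions made for this example.

```python
from datetime import date

EPOCH = date(1970, 1, 1)

def days_since_epoch(d):
    """shadow* attributes count days since 1970-01-01, not seconds."""
    return (d - EPOCH).days

def shadow_status(attrs, today):
    """Classify an account from shadowAccount attribute values (strings, as LDAP returns them)."""
    now = days_since_epoch(today)

    def num(name):
        # Missing, non-numeric or negative values are treated as "not set" (assumption).
        try:
            value = int(attrs.get(name, -1))
        except (TypeError, ValueError):
            return None
        return value if value >= 0 else None

    expire = num("shadowExpire")
    if expire and now >= expire:          # 0 is ambiguous in shadow(5); treated as unset here
        return "account-expired"
    last, max_days = num("shadowLastChange"), num("shadowMax")
    if last == 0:                         # 0 forces a change at next login
        return "change-required"
    if last is None or max_days is None:
        return "ok"                       # no ageing configured
    valid_until = last + max_days
    if now > valid_until:
        inactive = num("shadowInactive")
        if inactive is not None and now > valid_until + inactive:
            return "locked-inactive"      # grace period after expiry is over
        return "password-expired"         # login must force a password change
    warn = num("shadowWarning")
    if warn is not None and now > valid_until - warn:
        return "expiry-warning"
    return "ok"

if __name__ == "__main__":
    # Constructed sample entry: password last changed 2012-06-01, 90-day maximum age.
    entry = {"shadowLastChange": str(days_since_epoch(date(2012, 6, 1))),
             "shadowMax": "90", "shadowWarning": "7", "shadowInactive": "14"}
    for day in (date(2012, 8, 20), date(2012, 8, 25), date(2012, 9, 12), date(2012, 9, 20)):
        print(day, shadow_status(entry, day))
```

Failed-login lockout has no shadow equivalent, so this covers only the ageing half of what the original question asks for.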