Re: Openldap and shadowMax Problem

On Fri, 2012-09-14 at 13:30 -0500, cbulist wrote:
> I have set a user with ShadowMax to 15 in order to get an expiration
> warning but it doesn't work and the client gets logged in. (I'm not using
> Password Policy)
> I read some posts and they refer to pam_ldap.conf on the client, but
> I do not see any option about it.

There are actually two components that can enforce the shadow
properties. First is pam_unix which does this if nsswitch exposes shadow
information from LDAP (getent shadow <user> as root returns something
and getent passwd <user> returns "x" as a password). The second is

I think PADL's pam_ldap supports the shadowMax property. nss-pam-ldapd
supports it since 0.8.3.

The above depends on the details of your PAM stack and your
configuration. Posting information on nsswitch.conf, nslcd.conf (if
using nss-pam-ldapd) and your PAM configuration would be helpful.

-- arthur - - --
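
The pam_unix path described in the reply only has something to enforce when `getent shadow` returns an entry and `getent passwd` shows "x". As an added example (not part of the original message), this sketch applies the shadow(5) ageing fields to constructed entries; the function names, the user `alice` and the day numbers are assumptions, and it illustrates the field semantics rather than reproducing pam_unix's code.

```sh
#!/bin/sh
# Added example. Shadow entry layout (shadow(5)):
#   name:passwd:lastchg:min:max:warn:inact:expire:flag
# Day counts are days since 1970-01-01. Sample entries below are constructed.

# Succeeds when a passwd entry defers to shadow (password field is "x").
passwd_uses_shadow() {
    [ "$(printf '%s\n' "$1" | cut -d: -f2)" = "x" ]
}

# shadow_status <shadow entry> <today>
# Prints no-shadow | must-change | no-ageing | expired | warn:<days left> | ok
shadow_status() {
    if [ -z "$1" ]; then echo no-shadow; return 0; fi
    IFS=: read -r _name _pw lastchg _min max warn _rest <<EOF
$1
EOF
    if [ "$lastchg" = 0 ]; then echo must-change; return 0; fi
    # Empty lastchg, or empty/negative max: no maximum age to enforce.
    case "$lastchg:$max" in
        :*|*:|*:-*) echo no-ageing; return 0 ;;
    esac
    passed=$(( $2 - lastchg ))
    # Assumption of this sketch: expired once max days have passed.
    if [ "$passed" -ge "$max" ]; then echo expired; return 0; fi
    # Empty or 0 warn means no warning period, however close expiry is.
    case "$warn" in
        ''|0|-*) echo ok; return 0 ;;
    esac
    left=$(( max - passed ))
    if [ "$left" -le "$warn" ]; then echo "warn:$left"; else echo ok; fi
}

# On a client, as root (hypothetical user name):
#   shadow_status "$(getent shadow alice)" "$(( $(date +%s) / 86400 ))"
today=15597
for entry in 'alice:*:15590:0:15::::' 'alice:*:15590:0:15:10:::' \
             'alice:*:15580:0:15:10:::' ''; do
    printf '%-28s -> %s\n' "${entry:-<no getent output>}" \
        "$(shadow_status "$entry" "$today")"
done
```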
