Re: expired password reset prompt (0.9.2, ppolicy)

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: "Trent W. Buck" <twb [at] cyber.com.au>
To: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: expired password reset prompt (0.9.2, ppolicy)
Date: Tue, 6 May 2014 11:22:22 +1000

Arthur de Jong wrote:
> pwdGraceAuthNLimit: 10

Hm, I don't have one of these.
That is probably the entire problem,
since slapo-ppolicy(5) says

    If this attribute is not present or if its value is zero (0),
    users with expired passwords will not be allowed to authenticate
    to the directory.

I'm *pretty* sure I didn't need that under PADL -- you were able (and
forced) to set a new password before you could get a shell or X
session.

I'll get around to actual testing later this week (I hope).

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/

expired password reset prompt (0.9.2, ppolicy), Trent W. Buck
- Re: expired password reset prompt (0.9.2, ppolicy), Arthur de Jong
  - Re: expired password reset prompt (0.9.2, ppolicy), Trent W. Buck
    - Re: expired password reset prompt (0.9.2, ppolicy), Arthur de Jong
      - Re: expired password reset prompt (0.9.2, ppolicy), Trent W. Buck

Prev by Date: Re: expired password reset prompt (0.9.2, ppolicy)
Next by Date: nss-pam-ldapd, AD and binding
Previous by thread: Re: expired password reset prompt (0.9.2, ppolicy)
Next by thread: backport 0.9.3-1 to debian 7