Re: nslcd + ppolicy expired passwords notifications and change prompt
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: nslcd + ppolicy expired passwords notifications and change prompt
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: Rodrigo Arigita del Cacho <rarigita [at] damal.es>, "nss-pam-ldapd-users [at] lists.arthurdejong.org" <nss-pam-ldapd-users [at] lists.arthurdejong.org>
- Subject: Re: nslcd + ppolicy expired passwords notifications and change prompt
- Date: Tue, 28 May 2019 23:25:51 +0200
On Mon, 2019-05-27 at 12:02 +0000, Rodrigo Arigita del Cacho wrote:
> Does current versiĆ³n of nslcd + libraries support password change on
> ssh prompt when login in with expired password controlled by ppolicy?
It should but there could be bugs as the code errs towards denying
access if there is confusion.
> With pwdReset TRUE, on nslcd -d
> I get: LDAP_CONTROL_PASSWORDPOLICYRESPONSE (Password must be changed)
> it asks for password change
> else I get: LDAP_CONTROL_PASSWORDPOLICYRESPONSE (Password expired)
> Login denied, no password change.
I don't understand, do you get both messages on one login? The second
message seems to suggest that the password is no longer valid and
cannot be used for authentication.
There relevant code and logic is here:
https://arthurdejong.org/git/nss-pam-ldapd/tree/nslcd/myldap.c#n470
Btw, which version of nss-pam-ldapd are you using?
--
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --