Pam with Nis - when expired password

[esebastian at atca.es]

Hello:

We  have  2  Linux:  one working as a  Nis server and the other one as  Nis
client.
We want to make same password rules, i.e,  password aged 30 days, etc,.....
When  the password is expired and we try to login in the server, we get the
expired password message and
we  must  change  it,  but when we login in the client it doesn´t work ( we
don´t receive the advice and we can
login  with the expired password). It seems like the password aging doesn´t
work in the client.

   Our pam modules  are the following:

password:

#%PAM-1.0
auth       required pam_stack.so service=system-auth
account    required pam_stack.so service=system-auth
password   required  pam_stack.so service=system-auth

login:

#%PAM-1.0
auth       required  /lib/security/pam_securetty.so
auth       required /lib/security/pam_stack.so service=system-auth
auth       required  /lib/security/pam_tally.so onerr=fail no_magic_root
auth       required  /lib/security/pam_nologin.so
account    required  /lib/security/pam_tally.so deny=3 no_magic_root reset
account    required  /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_warn.so
password   required /lib/security/pam_stack.so service=system-auth
session    required /lib/security/pam_stack.so service=system-auth
session    optional /lib/security/pam_console.so



system-auth:

#%PAM-1.0
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        required      /lib/security/pam_deny.so
account     required      /lib/security/pam_unix.so nis shadow debug audit
password     required       /lib/security/pam_cracklib.so  retry=3 minlen=2
dcredit=0  ucredit=0
password     sufficient    /lib/security/pam_unix.so nullok use_authtok md5
shadow nis debug audit
password    required      /lib/security/pam_deny.so
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so