[Fedora-directory-users] pam_ldap and password policy
Jeff Falgout
jfalgout at ogov.net
Tue Jun 14 19:44:38 UTC 2005
Pete Rowley said:
>
>
>> -----Original Message-----
>> From: fedora-directory-users-bounces at redhat.com
>> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf
>> Of jclowser at unitedmessaging.com
>> Sent: Tuesday, June 14, 2005 11:26 AM
>> To: General discussion list for the Fedora Directory server project.
>> Subject: Re: [Fedora-directory-users] pam_ldap and password policy
>> changed. BTW - how would pam_ldap force the user to change
>> their password - can it do it itself, or would it require the
>> user to log in and run passwd or something? It may not be possible.
>>
>
> PAM has the necessary protocol for password changes during logon - in fact
> PAM gets called by passwd. However, I do not know off hand whether pam_ldap
> implements those functions.
>
It seems that pam_ldap is checking the password policy -
I've looked at ldap.conf so many times, I've overlooked this setting:

    # Search the root DSE for the password policy (works
    # with Netscape Directory Server)
    pam_lookup_policy yes

Now, when I log in to the terminal after a password reset, the login
succeeds, but a message flashes on the screen - something about password
after reset - and I'm taken back to the login prompt.

Any ideas?