[Fedora-directory-users] SSH login and pwd expiration message
Stephen C. Rigler
srigler at marathonoil.com
Tue Dec 5 17:59:04 UTC 2006
On Tue, 2006-12-05 at 12:28 -0500, Kyle Tucker wrote:
> Assuming you're using shadowAccount attributes for your password expiry, you
> are seeing just what I saw until "write for self" access was given to users
> to up the shadowLastChange attribute. Here's how I fixed it in admin console.
>
> In Directory tab, select root domain
>
> Right click and select "Set Access Permissions"
>
> Select "Enable self-write for common attributes" and click on Edit
>
> After "userPassword", insert "|| shadowLastChange " and click on OK and
> again on OK on the parent window.
The problem we had with using the shadow attributes is that not all
platforms honor them (I don't recall seeing Solaris update
shadowLastChange). You'd also need to remember to update the
shadowLastChange attribute manually if you reset a user's password by
some mechanism outside of PAM (from the Administrator's Console, for
example).
-Steve
More information about the Fedora-directory-users
mailing list