[Fedora-directory-users] posixaccount and shadowlastchange
Steve Rigler
srigler at marathonoil.com
Tue Sep 25 15:31:20 UTC 2007
On Tue, 2007-09-25 at 09:55 -0400, Victor Hugo dos Santos wrote:
> Hello,
>
> Linux authentication based in FDS work fine, i log in the system for
> ssh and all users is in the FDS directory. cool !!!
>
> but, i need use police security account for users (for example, in 60
> days this users need change the password or can't use the same
> password 3 times consecutive).
>
> but the FDS dont work with shadow parameters, i run "getent passwd"
> and look all users (local and in FDS) but I run "getent shadow" and
> only show the local account, none account in the FDS.
>
> how is possible manage the security police from posixaccount and more
> important, that for users continue being one transparent process.
>
> URL ?? manual ?? docs ?? others ??
>
> thanks
>
> --
Your accounts need to have the "shadowAccount" objectclass and
"shadowLastChange" needs to be writable by ldap://self or by the dn that
changes their password on their behalf (if you use "rootbinddn" in your
pam ldap.conf).
-Steve
More information about the Fedora-directory-users
mailing list