[Fedora-directory-users] posixaccount and shadowlastchange
Victor Hugo dos Santos
listas.vhs at gmail.com
Tue Sep 25 18:12:40 UTC 2007
2007/9/25, Steve Rigler <srigler at marathonoil.com>:
> On Tue, 2007-09-25 at 12:08 -0400, Victor Hugo dos Santos wrote:
> > 2007/9/25, Steve Rigler <srigler at marathonoil.com>:
> > > On Tue, 2007-09-25 at 09:55 -0400, Victor Hugo dos Santos wrote:
> >
> > [...]
> >
> > > Your accounts need to have the "shadowAccount" objectclass and
> > > "shadowLastChange" needs to be writable by ldap://self or by the dn that
> > > changes their password on their behalf (if you use "rootbinddn" in your
> > > pam ldap.conf).
> >
> > mmm... in test don't work..
> >
> > debian2:/etc/ssl/certs# getent shadow | grep camador
> > camador:*:13524::99999:7:::0
> >
> > debian2:/etc/ssl/certs# passwd camador
> > Enter login(LDAP) password:
> > New UNIX password:
> > Retype new UNIX password:
> > LDAP password information changed for camador
> > passwd: password updated successfully
> >
> > debian2:/etc/ssl/certs# getent shadow | grep camador
> > camador:*:13524::99999:7:::0
> >
> > how you can look.. the shadow info is the same, before y after the
> > change of password.
> >
> > any other idea ??
> >
> > thanks
> >
>
> Did you add an aci to allow write access to "shadowLastChange"?
ups... sorry.
now work fine !!!
any other recommendation for work with posixaccount and FDS and security ??
very, very thanks
--
--
Victor Hugo dos Santos
Linux Counter #224399
More information about the Fedora-directory-users
mailing list