[K12OSN] Password Policy

Brad Johnson bjohnson at independence.k12.ia.us
Tue Apr 4 19:39:52 UTC 2006 

Sorry....I wasn't clear on all my responses
On Apr 4, 2006, at 2:25 PM, Toshio Kuratomi wrote:

> On Tue, 2006-04-04 at 14:00 -0500, Brad Johnson wrote:
>> I did try that but it didn't seem to work....however I didn't reboot
>> and I'm a little afraid to reboot.
>
> You shouldn't need to reboot.  When you say it doesn't work, do you  
> mean
> it doesn't allow you to set a weak password?  It doesn't allow you to
> login?  It doesn't allow you to set any new password?
It does not allow me to set a weak password...it will allow me to set  
a new password
>
>>   Here's another interesting
>> item....if I change the password succesfully, it doesn't actually
>> seem to update in the ldap directory on the OS X server.
>
> this sounds as though you have something screwy at a deeper level as
> well.  Did you use the authconfig program to setup your connection to
> the OSX ldap server or soemthing different?
Yes, I used authconfig to setup LDAP access, and all my users can  
successfully login to the LDAP server with their LDAP passwords.

> Is pam_ldap one of the
> modules being stacked in /etc/pam.d/system-auth?
yes, it is listed on the following lines:
auth sufficient /path/to/file/pam_ldap.so use_first_pass

as well as on

password sufficient /path/to/file/pam_ldap.so use_authok

> It sounds as though
> the update is updating /etc/passwd and /etc/shadow on the K12ltsp  
> server
> instead of in the OSX server.  So the K12 server is reading
> from /etc/passwd ad from the ldap server but it is writing only
> to /etc/passwd.
>
> When you use the passwd command does it prompt you with:
> Enter login(LDAP) password:
>
> or does it just print
> New UNIX password:

Yes, this is weird isn't it.  When I run passwd, it first asks for  
'Enter Login(LDAP) password',
and after that has been successfully entered it asks for
'New UNIX password'

So it appears to be authenticating to LDAP, but updating the local  
Unix password on the LTSP box

Thanks,

Brad
>
> -Toshio
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>

More information about the K12OSN mailing list