Paul Nicholas Faure wrote:
> I set up NIS on a few systems, with one NIS server. Everything works fine
> except for passwords that expire.
> On the server (does not use NIS), passwords expire properly, users can
> no longer log in.
> On the clients, users can log in after their password has expired.
> I was told that this sounds like a PAM problem.
> Here is my /etc/pam.d/login file:
> auth       required     /lib/security/pam_securetty.so
> auth       required     /lib/security/pam_pwdb.so shadow nullok
> auth       required     /lib/security/pam_nologin.so
> account    required     /lib/security/pam_unix.so
> password   required     /lib/security/pam_cracklib.so
> password   required     /lib/security/pam_pwdb.so shadow nullok
> session    required     /lib/security/pam_pwdb.so
> session    optional     /lib/security/pam_console.so
> Documentation tells me that 'account' is the pam type that does password
> aging. I have tried to replace /lib/security/pam_unix.so with
> /lib/security/pam_unix_acct.so and /lib/security/pam_pwdb.so with no
> luck.

Expiration time is stored in /etc/shadow not /etc/passwd.

The problem of exporting/rebuilding /etc/shadow over NIS is
that shadow itself has no UID record; in the end all records
must be exported, including root's!

The default ypserver setting of RH 6.x is to "merge"
/etc/passwd fields + /etc/shadow password field only.

But even after exporting shadows over NIS, the /lib/libpwdb
does not seem to check the expire time field in NIS shadow.
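
As an added example (not part of the original messages): a small Python audit that reads lines in passwd(5) or shadow(5) format, such as a dump of the maps a client sees, and reports which accounts are past their aging limits or carry no aging fields at all. The function names, status labels and sample records are constructed for illustration; field meanings follow shadow(5).

```python
from datetime import date

def _num(field):
    """In shadow(5) an empty field (or -1) means 'not set'."""
    return None if field in ("", "-1") else int(field)

def aging_status(line, today_days):
    """Classify one record; today_days is days since 1970-01-01."""
    f = line.rstrip("\n").split(":")
    if len(f) == 7:
        # passwd(5) layout: even with the hash merged in, no aging fields exist
        return f[0], "no-aging-data"
    if len(f) != 9:
        return f[0], "malformed"
    try:
        lastchg, maxdays = _num(f[2]), _num(f[4])
        inactive, expire = _num(f[6]), _num(f[7])
    except ValueError:
        return f[0], "malformed"
    if expire is not None and today_days >= expire:
        return f[0], "account-expired"
    if lastchg == 0:
        return f[0], "must-change-password"
    if lastchg is not None and maxdays is not None:
        age = today_days - lastchg
        if inactive is not None and age > maxdays + inactive:
            return f[0], "password-expired-locked"
        if age > maxdays:
            return f[0], "password-expired"
    return f[0], "ok"

def audit(text, today_days=None):
    """Return {user: status} for every non-empty line of a map dump."""
    if today_days is None:
        today_days = (date.today() - date(1970, 1, 1)).days
    return dict(aging_status(l, today_days) for l in text.splitlines() if l.strip())

# Constructed sample records (hashes are placeholders, not real values).
SAMPLE = """\
alice:$1$CONSTRUCTED$hash:10000:0:90:7:::
bob:$1$CONSTRUCTED$hash:10000:0:90:7:14::
carol:$1$CONSTRUCTED$hash:10950:0:90:7::10960:
dave:$1$CONSTRUCTED$hash:10950:0:99999:7:::
erin:$1$CONSTRUCTED$hash:1005:100:Erin:/home/erin:/bin/bash
"""

if __name__ == "__main__":
    for user, status in audit(SAMPLE, today_days=11000).items():
        print(f"{user:8} {status}")
```

Any account reported as `no-aging-data` comes from a passwd-style record, which is the merged form described above: the client has nothing to enforce expiry against.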

