Pam with Nis - when expired password
esebastian at atca.es
esebastian at atca.es
Thu Apr 29 16:13:47 UTC 2004
Hello:
We have 2 Linux: one working as a Nis server and the other one as Nis
client.
We want to make same password rules, i.e, password aged 30 days, etc,.....
When the password is expired and we try to login in the server, we get the
expired password message and
we must change it, but when we login in the client it doesn´t work ( we
don´t receive the advice and we can
login with the expired password). It seems like the password aging doesn´t
work in the client.
Our pam modules are the following:
password:
#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
login:
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_tally.so onerr=fail no_magic_root
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_tally.so deny=3 no_magic_root reset
account required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_warn.so
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
system-auth:
#%PAM-1.0
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so nis shadow debug audit
password required /lib/security/pam_cracklib.so retry=3 minlen=2
dcredit=0 ucredit=0
password sufficient /lib/security/pam_unix.so nullok use_authtok md5
shadow nis debug audit
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
More information about the Pam-list
mailing list