[Fedora-directory-users] ShadowPassword / ShadowExpire
Jim Summers
jsummers at bachman.cs.ou.edu
Fri Dec 16 21:06:02 UTC 2005
Hello List,
Being in the midst of evaluating and hopefully migrating to FDS soon. I
have stumbled onto a odd problem.
My user information is kept in the People container. We have been using
shadowExpire / shadowLastChange fields.
This all seems to work except when a user's account is ready to expire
and is prompted to change their password. Using passwd, the user can
change the password, but the system continues to prompt for a new
password upon each successive login.
Looking at the data, the shadowExpire / LastChange never get updated. I
am also not seeing any errors being generated in the logs. I can
manually update those fields and the problem goes away. But I guess I
thought passwd / nss_ldap / pam would update those fields as needed.
Looking in the docs, all I see is configuring a password policy. But
that seems to be directed at users actually connecting to the directory
via console / ldapsearch, etc....
Initially I thought I was having some ACI issues but I am really not
sure. It could be that I need to drop the shadow stuff and configure
the password policy?
Advice or suggestions on what I am missing or where I have gone wrong?
TIA
--
Jim Summers
School of Computer Science-University of Oklahoma
-------------------------------------------------
More information about the Fedora-directory-users
mailing list