[Fedora-directory-users] Shadow account vs. password policy
Richard Megginson
rmeggins at redhat.com
Fri May 19 14:18:29 UTC 2006
Jason Russler wrote:
> Hi all,
> I imported our Unix/Linux password and shadow files into FDS recently
> (using LdapImport.pl) and I'm trying to figure out the difference or
> conflicts between the shadowaccount object class attributes (shdowmax,
> shadowwarning etc.) and the passwordexpiriationtime and
> passwordexpiredwarned etc. attributes that I assume come from the
> Password policy settings features of the directory.
>
> I'm having trouble getting inconsistent results when expiring accounts
> to test whether or not the PAM ldap client (on RedHat Enterprise 4
> systems) weighs one set of attributes more more over the other or even
> cares about them at all. Does anyone have experience with the PAM
> clients and the directory's password policy settings vs. the
> shadowaccount attributes? Should I quit using the password and
> password expiration features and just use the shadowaccount attributes
> or ditch the shadowaccount object class altogether?
>
> If PAM will honor the password expiration policy then I may just write
> a little something to set the policy attributes from the shadow
> attributes of the imported files and then remove shadowaccount OC
> altogether. Any thoughts?
PAM should honor the Fedora DS password policy, so I don't think you
need the shadow stuff anymore.
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20060519/5021748e/attachment.bin>
More information about the Fedora-directory-users
mailing list