[Fedora-directory-users] Issue with fine-grained password policy
Nathan Kinder
nkinder at redhat.com
Thu Oct 26 01:16:42 UTC 2006
Howard Chu wrote:
>> Date: Wed, 25 Oct 2006 14:40:45 -0700
>> From: "George Holbert" <gholbert at broadcom.com>
>
>> Last time I looked at this, I vaguely recall finding that pam_ldap
>> doesn't pay too much attention to FDS password metadata for
>> expiration warnings or strength restrictions. So what you're seeing
>> may be the norm.
>> Hopefully someone else out there will have better news for you on this.
>
> Actually PADL's pam_ldap has had support for Netscape password policy
> for many years - you just have to enable it and tell it the DN of the
> policy object. Recently support has also been added for the IETF draft
> LDAP password policy specification too, and it works well with the
> OpenLDAP implementation of this spec. The OpenLDAP implementation has
> also been tested successfully with CA eTrust, so there are at least a
> couple implementations out there supporting the IETF spec.
Are you referring to the request and response controls defined in
draft-behera-ldap-password-policy-09? Fedora Directory Server also
supports the above-mentioned controls.
-NGK
>
>> Ian Meyer wrote:
>>> > Hello all,
>>> >
>>> > I set up FDS 1.0.2 on a server and got everything configured and
>>> > imported etc etc.. things work great, I can authenticate against it,
>>> > make updates.. but I can not get our Linux clients to warn me about
>>> > changing my password, expiration, length, etc.. I followed the
>>> > instructions on
>>> > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/password.html#1074672
>>> > to set up a global config, and a user config. Is there anything on the
>>> > client side for PAM that needs to be configured? I've been poring
>>> > over this for a couple of days now so I may just be blind to a small
>>> > detail I may have missed. Any help/insight would be appreciated.
>>> >
>>> > Thanks in advance,
>>> > Ian
>
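An added example, not part of the original thread and not code from pam_ldap, FDS or OpenLDAP: a minimal decoder for the value of the password policy response control from draft-behera-ldap-password-policy, which is what a client has to read after a bind before it can show an expiration or grace-login warning. The tag values follow the draft's ASN.1 as I understand it (warning as context tag [0], error as context tag [1]); the function names and the sample byte strings are constructed for illustration.

```python
PPOLICY_RESPONSE_OID = "1.3.6.1.4.1.42.2.27.8.5.1"  # control type in the draft
ERRORS = ("passwordExpired", "accountLocked", "changeAfterReset",
          "passwordModNotAllowed", "mustSupplyOldPassword",
          "insufficientPasswordQuality", "passwordTooShort",
          "passwordTooYoung", "passwordInHistory")
WARNINGS = {0x80: "timeBeforeExpiration", 0x81: "graceAuthNsRemaining"}

def _tlv(buf, pos):
    """Read one BER TLV (single-byte tag, definite length) at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_ppolicy_response(control_value):
    """Decode a PasswordPolicyResponseValue into warning and error fields."""
    tag, body, end = _tlv(control_value, 0)
    if tag != 0x30 or end != len(control_value):
        raise ValueError("expected exactly one SEQUENCE")
    result = {"warning": None, "error": None}
    pos = 0
    while pos < len(body):
        tag, value, pos = _tlv(body, pos)
        if tag == 0xA0:  # warning [0] CHOICE, constructed
            choice, num, _ = _tlv(value, 0)
            if choice not in WARNINGS or not num:
                raise ValueError("malformed warning")
            result["warning"] = (WARNINGS[choice], int.from_bytes(num, "big"))
        elif tag == 0x81 and value:  # error [1] ENUMERATED, primitive
            code = int.from_bytes(value, "big")
            result["error"] = ERRORS[code] if code < len(ERRORS) else f"unknown({code})"
        else:
            raise ValueError(f"unexpected element, tag 0x{tag:02x}")
    return result

# Constructed sample control values (not captured from a real server).
SAMPLE_EXPIRING = bytes.fromhex("3006a00480020e10")  # expires in 3600 seconds
SAMPLE_EXPIRED = bytes.fromhex("3003810100")         # error passwordExpired
SAMPLE_GRACE = bytes.fromhex("3005a003810102")       # 2 grace logins left
```

An empty SEQUENCE decodes to no warning and no error, and a truncated or unexpected element raises `ValueError` rather than being silently ignored.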