shadow accounts
Hi,
I wanted to get some more detail on shadow accounts. From looking
at the archives, I see:
struct spwd {
    char *sp_namp;   /* user login name              -> uid */
    char *sp_pwdp;   /* encrypted password           -> userpassword */
    long sp_lstchg;  /* last password change         -> shadowLastChange */
    int sp_min;      /* days until change allowed    -> shadowMin */
    int sp_max;      /* days before change required  -> shadowMax */
    int sp_warn;     /* days warning for expiration  -> shadowWarning */
    int sp_inact;    /* days before account inactive -> shadowInactive */
    int sp_expire;   /* date when account expires    -> shadowExpire */
    int sp_flag;     /* reserved for future use      -> shadowFlag */
};
My question is: what are the values in sp_expire, min, max and
so on? Are they seconds, or an actual number of days? I understand these
values to map to nis.schema values such as shadowExpire and so on.
These appear to be of type 'EQUALITY integerMatch'. Does this mean I can't
do less than and greater than operations, only equality? I wasn't
sure what 'EQUALITY integerMatch' incorporated. I am still looking at
the RFCs, but haven't really found what I am looking for. Unfortunately,
I don't have access to a system that tells me more about the structure
spwd - only what I have found in the archives. On a Tru64 system, the
structure similar to these would use seconds, not days so you could
disable at a certain time on a day (if you expire or inactive).
Also, does a CLI like ldapsearch/add/mod/... respect these values? As an
example, if I had the password for an id expired or set inact to 1 (is
this how you make it inactive?), would ldapsearch fail if I authenticated
against this id to do my search?
Thanks,
Cheers,
Douglas