[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
ppolicy, was: Re: {CRYPT} password to {SHA}
Buchan Milne wrote:
Or, you can have one default policy, and override it (by setting the
pwdPolicySubentry to the other policy) on all the entries which should not
use the default policy. Which one you make the default, you will have to
decide.
I am curious how the mechanism of enforcing the policy through various
login "points" works. For example ssh, subversion, email and ftp all
authenticate to LDAP, via pam. Some people use ssh, all people use email
and some people use subversion. Ftp is mostly used by external clients,
who have no way of acting upon a password expiration.
Email seems to be the common thing amongst all users whose password
"should" expire and who can change it. How can LDAP tell an email
client, through pam that the password is about to expire, or has
expired? Or does this happen automagically?
Thanks,
Jeroen