
Re: Forced password change not allowed



You probably don't have the slapd ACLs configured so clients can read the necessary shadow fields... particularly those governing password age (e.g., shadowLastChange, shadowMax).

On Tue, Jul 28, 2009 at 5:52 AM, <mlb@imparisystems.com> wrote:
I've got openLDAP running and installed the pam and nss libraries so it
would also control the Linux passwords. I'm trying to sign onto my server
using ssh - but once I enter my username and password, I get

WARNING: Your password has expired.
You must change your password now and login again!
Enter login(LDAP) password:

Now being a bad security person, I always use the exact same username /
password combination and they don't work.

If I use either nothing (just hit Enter) or if I put in the standard
password I get

passwd: Authentication information cannot be recovered
passwd: password unchanged
Connection to ubuntu closed.

If I enter in some nonsensical string I get

LDAP Password incorrect: try again
Enter login(LDAP) password:


However, that is the only root level user on the machine and I have TONS of
stuff on it. How do I fix? Is this an openLDAP issue or something else?

Thanks
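
Added example, not part of the original thread: a small Python check for the reply's ACL suggestion. It compares what two bind identities can see of the same entry in plain `ldapsearch` LDIF output and classifies the password age from `shadowLastChange` and `shadowMax`. The entry `uid=jdoe`, the attribute values, the day number 14453 and the function names are constructed for illustration.

```python
import time

# Shadow attributes named in the reply above.
SHADOW_ATTRS = ("shadowLastChange", "shadowMax")

def parse_ldif_entry(ldif):
    """Parse one plain LDIF entry (no base64 values, no folded lines)."""
    attrs = {}
    for line in ldif.splitlines():
        if line.startswith("#") or ": " not in line:
            continue
        key, value = line.split(": ", 1)
        attrs.setdefault(key, value.strip())
    return attrs

def password_age_status(attrs, today=None):
    """Classify an entry as one bind identity sees it; days count from 1970-01-01."""
    today = int(time.time() // 86400) if today is None else today
    missing = [a for a in SHADOW_ATTRS if a not in attrs]
    if missing:
        # Attributes the ACLs do not let this identity read are simply absent.
        return "not readable: " + ", ".join(missing)
    last, max_days = int(attrs["shadowLastChange"]), int(attrs["shadowMax"])
    if last == 0:
        return "change required at next login"
    if max_days <= 0:
        return "no maximum age"  # assumption: non-positive shadowMax disables aging
    overdue = today - (last + max_days)
    return f"expired {overdue} days ago" if overdue > 0 else f"valid for {-overdue} more days"

# Constructed samples: the same entry as returned to an admin bind and to the
# identity the PAM/NSS client binds as (shadow attributes hidden by ACLs).
ADMIN_VIEW = """dn: uid=jdoe,ou=People,dc=example,dc=com
uid: jdoe
shadowLastChange: 14300
shadowMax: 90
"""
CLIENT_VIEW = """dn: uid=jdoe,ou=People,dc=example,dc=com
uid: jdoe
"""

if __name__ == "__main__":
    for label, ldif in (("admin bind", ADMIN_VIEW), ("client bind", CLIENT_VIEW)):
        print(label, "->", password_age_status(parse_ldif_entry(ldif), today=14453))
```

If the admin view reports an age while the client view reports the attributes as not readable, the slapd ACLs are hiding the shadow fields from the client.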