LDAP and PAM: account is expired, but pam_ldap allows authentication
- To: openldap-technical@openldap.org
- Subject: LDAP and PAM: account is expired, but pam_ldap allows authentication
- From: Konstantin Boyandin <temmokan@gmail.com>
- Date: Thu, 13 Jan 2011 13:15:34 +0600
Hello,
Could someone direct me to the source of wisdom to solve this: I have
correctly set the fields (attributes)
shadowExpire
shadowLastChange
shadowMin
shadowMax
to make the account expired (OpenLDAP used to run an NT domain), but when I
ssh to a server using pam_ldap authentication, it is still allowed to log in.
How should pam_ldap be instructed to take the expiration attributes into
account?
Thanks.
Sincerely,
Konstantin