[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
ppolicy with Solaris 10
- To: openldap-technical@openldap.org
- Subject: ppolicy with Solaris 10
- From: Wynand Jansen van Vuuren <esawyja@gmail.com>
- Date: Wed, 13 Jul 2011 10:06:32 +0200
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; bh=zsojWtY6MMYhwexaPPR27Nr0t/cclBJxJ3Fx7vAXmG8=; b=DtoLxvt1rblmjt/ZJKt7KbvzSkxPgRBNIsqYRf9UOdt6LlTka8B9H95NCdia0dNFff KBRdbxygxBQ4rdclWhCN3c/SbmbvyJFFIFsxoIIQzjoVTLatY/QqfvG6nXHN2zDg8suk 8+suJtsIguX7XATn+rBmi176HV0qv7ndZK8H8=
My slapd.conf file is as follow
# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload ppolicy.la
# moduleload /usr/local/libexec/openldap/ppolicy.so
# modulepath /usr/local/libexec/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
and
overlay ppolicy
ppolicy_default "cn=default,ou=Policies,dc=rorotika,dc=com"
ppolicy_use_lockout
When I start slapd in debug with d 255, I get the following "error"?
ine 21 (loglevel 4)
line 22 (pidfile /usr/local/var/run/slapd.pid)
line 23 (argsfile /usr/local/var/run/slapd.args)
line 26 (modulepath /usr/local/libexec/openldap)
line 27 (moduleload ppolicy.la)
loaded module ppolicy.la
module ppolicy.la: null module registered
line 65 (access to dn.base="" by * read)
>>> dnNormalize: <>
<<< dnNormalize: <>
Backend ACL: access to dn.base=""
by * read
The line that consern me is "module ppolicy.la: null module
registered", is this a problem? The ppolicy does not seen to
overlay... It seems that the Solaris 10 settings is still valid, for
example
It seems that this policy is not activated, for example the
pwdMinLength: is set to 3, but when the user changes his/her password,
it seems that the Solaris policy takes over from the
/etc/default/passwd file
test5:/ $ ssh admin777@10.1.1.5
* * * * * * * * * * * * W A R N I N G * * * * * * * * * * * * * *
THIS SYSTEM IS RESTRICTED TO AUTHORIZED USERS FOR AUTHORIZED USE
ONLY. UNAUTHORIZED ACCESS IS STRICTLY PROHIBITED AND MAY BE
PUNISHABLE UNDER THE COMPUTER FRAUD AND ABUSE ACT OR OTHER
APPLICABLE LAWS. IF NOT AUTHORIZED TO ACCESS THIS SYSTEM,
DISCONNECT NOW. BY CONTINUING, YOU CONSENT TO YOUR KEYSTROKES
AND DATA CONTENT BEING MONITORED. ALL PERSONS ARE HEREBY
NOTIFIED THAT THE USE OF THIS SYSTEM CONSTITUTES CONSENT
TO MONITORING AND AUDITING.
* * * * * * * * * * * * W A R N I N G * * * * * * * * * * * * *
Password:
Last login: Tue Jul 12 11:14:22 2011 from test5.example.
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
Sourcing //.profile-EIS.....
test5:/ $ id
uid=5011(admin777) gid=1000(users) groups=1000(users)
test5:/ $ passwd
passwd: Changing password for admin777
Enter existing login password:
New Password:
passwd: Password too short - must be at least 8 characters.
Please try again
New Password:
test5:/ $ cat /etc/default/passwd
#ident @(#)passwd.dfl 1.7 04/04/22 SMI
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
MAXWEEKS=13
MINWEEKS=
PASSLENGTH=8
# NAMECHECK enables/disables login name checking.
Could someone point me in the right direction please?