[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: About set LDAP passwd expires



Simone Piccardi wrote:
On 11/11/2011 03:31, Chris Jacobs wrote:
Password Policy. The OpenLDAP Admin Guide and Google are your friends.

That's good for LDAP authentication, but when you want to put linux
users in LDAP then you need to have also to configure NSS and PAM to use it.

And for most distribution nssov (that if I understand rightly the issue
is the way to use ppolicy for NSS) is not packaged nor supported (and is
not documented too, at least in the Guide).

When did nssov come into the discussion? pam_ldap supports the password policy extension.

The Admin Guide has only ever been a Guide, not an exhaustive reference. The manpages are always the complete and authoritative documentation. If you choose not to use features because they aren't mentioned in the Guide, you're shortchanging yourself.

So at least for me the traditional posixAccount and posixGroup are still
a better option (and there are many management packages you can use).


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/