Re: Password expiration
Hi Cris,
On 27/03/12 00:46, Collins, Cris L. wrote:
> I am running OpenLDAP as packaged for CentOS 5 and having problems with
> password expiration.
> Users are being told every time they login that their password has expired
> and to change their password. When ShadowMax is changed to 99999 their
> passwords are not expiring. The preferable setting is 90 days.
> ShadowLastChange is updating to the correct date when they input a new
> password. Thank you for your time and input as to why this might be
> occurring.
Shadow attributes are used by UNIX systems during authentication,
depending on your system configuration (PAM, pam_ldap, login.defs...).
However, the OpenLDAP server itself will not use these attributes to
prevent binds by LDAP, which is what I understand you expect. For this,
check out the ppolicy overlay.
Jonathan
--
--------------------------------------------------------------
Jonathan Clarke - jonathan@phillipoux.net
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------
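
A minimal ppolicy setup for the 90-day expiry discussed above, as an added example that is not part of the original message. The base DN dc=example,dc=com, the policy entry name, the schema path and the warning and grace values are assumptions to adapt to your directory.

```ldif
# slapd.conf side (assumed layout for a slapd.conf-based install):
#   include        /etc/openldap/schema/ppolicy.schema   # path is an assumption
#   moduleload     ppolicy.la        # only when overlays are built as modules
#   overlay        ppolicy           # placed after the "database" it applies to
#   ppolicy_default "cn=default,ou=policies,dc=example,dc=com"
#
# Unlike shadowMax (days, evaluated by the client's PAM/NSS stack),
# pwdMaxAge is in seconds and is enforced by slapd at bind time.

# Container for policy entries (placeholder base DN)
dn: ou=policies,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: policies

# Default policy referenced by ppolicy_default
dn: cn=default,ou=policies,dc=example,dc=com
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: default
pwdAttribute: userPassword
# 90 days * 86400 s = 7776000 s
pwdMaxAge: 7776000
# Start warning 7 days before expiry (assumed value)
pwdExpireWarning: 604800
# Allow 3 binds after expiry so the user can still change the password
# (assumed value; with 0 an expired password can no longer bind at all)
pwdGraceAuthNLimit: 3
pwdAllowUserChange: TRUE
```

Expiry is computed from the operational attribute pwdChangedTime, which slapd sets when a password is changed with the overlay active; entries that lack it do not expire until their next password change.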