[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ldap/pwd complexity and PAM?
Doug OLeary wrote:
Hi;
In my free time, I've been studying openldap and the ppolicy overlay.
I started working on password complexity today. While searching for
information on implementing complexity, I ran across the link immediately
following which seems to indicate that openldap honors the settings in
/etc/pam.d/password-auth.
http://ubuntuforums.org/showthread.php?t=2172393
No, that's not what that thread says at all.
I tried configuring that on a test kvm and can't even get it working
with local accounts so obviously I borked something in the password-auth
file - like maybe not even the right pam.d file; however, before I spend
a whole lot of time troubleshooting this, is my understanding accurate?
Will openldap honor the settings in pam.d?
No, OpenLDAP doesn't know anything about PAM settings. All that that thread is
saying is that you must configure PAM correctly if you want PAM to enforce
password quality *when you change passwords using PAM*.
If you change LDAP passwords via LDAP, PAM is nowhere in the picture.
It seems that'd be a whole lot cleaner and more supportable than compiling
a specialized password checking module.
Any info greatly appreciated. Thanks for your time.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/