
Re: ldap/pwd complexity and PAM?



Hey;

Apparently, in my efforts to be brief, I didn't adequately outline the scenario. Users need to be able to change their own passwords once their account is configured in ldap and assigned an initial password. That's where pam comes in. Obviously, if I (or the user) change a user's account via ldap commands, pam restrictions.

I just verified that a test user can change his password to anything he wants via ldappasswd (bad... but have to have access to the command).

I also verified that the pam configuration affects password selection when the user is trying to change the password via the passwd command. (got that working both locally and via ldap).

So, I got the answer to my question and raised a bunch more potential issues that I'll have to ponder.

Thanks for the reply.

Doug O'Leary
------------
Senior UNIX/Security Admin
CISSP, CISA, RHCSA, CEH
O'Leary Computers Inc
dkoleary@olearycomputers.com (w) 630-904-6098 (c) 630-248-2749
linkedin: http://www.linkedin.com/in/dkoleary
resume: http://www.olearycomputers.com/resume.html