Pete Rowley said:

>> -----Original Message-----
>> From: fedora-directory-users-bounces at redhat.com
>> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf
>> Of jclowser at unitedmessaging.com
>> Sent: Tuesday, June 14, 2005 11:26 AM
>> To: General discussion list for the Fedora Directory server project.
>> Subject: Re: pam_ldap and password policy
>>
>> changed. BTW - how would pam_ldap force the user to change
>> their password - can it do it itself, or would it require the
>> user to log in and run passwd or something? It may not be possible.
>
> PAM has the necessary protocol for password changes during logon - in fact
> PAM gets called by passwd. However, I do not know offhand whether pam_ldap
> implements those functions.

It seems that pam_ldap is checking the password policy - I've looked at
ldap.conf so many times, I've overlooked this setting:

    # Search the root DSE for the password policy (works
    # with Netscape Directory Server)
    pam_lookup_policy yes

Now, when I log in to the terminal after a password reset, the login
succeeds, but a message flashes on the screen - something about password
after reset - and I'm taken back to the login prompt.

Any ideas?