> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf
> Of Jeff Falgout
> Sent: Tuesday, June 14, 2005 12:45 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: RE: pam_ldap and password policy
>
> Pete Rowley said:
> >
> >
> >> -----Original Message-----
> >> From: fedora-directory-users-bounces at redhat.com
> >> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of
> >> jclowser at unitedmessaging.com
> >> Sent: Tuesday, June 14, 2005 11:26 AM
> >> To: General discussion list for the Fedora Directory server project.
> >> Subject: Re: pam_ldap and password policy
> >> changed. BTW - how would pam_ldap force the user to change their
> >> password - can it do it itself, or would it require the user to log
> >> in and run passwd or something? It may not be possible.
> >>
> >
> > PAM has the necessary protocol for password changes during logon - in
> > fact PAM gets called by passwd. However, I do not know offhand
> > whether pam_ldap implements those functions.
> >
>
> It seems that pam_ldap is checking the password policy -
>
> I've looked at ldap.conf so many times, I've overlooked this setting:
>
> # Search the root DSE for the password policy (works
> # with Netscape Directory Server)
> pam_lookup_policy yes
>
> Now, when I login to the terminal after a password reset, the
> login succeeds, but a message flashes on the screen -
> something about password after reset - and I'm taken back to
> the login prompt.
>
> Any ideas?

Sounds like pam_ldap doesn't implement this properly - it should be prompting you like passwd had been executed. I'll dig out that source code when I get a minute or two.