Jeff Falgout said:
> Brian Peters said:
>> Jeff,
>>
>> I have been able to get this to work with pam_ldap. In fact, it works
>> regardless of the pam_lookup_policy setting. One thing that may be
>> throwing you is how you are resetting the password. According to the
>> docs, only a password reset by the Directory Manager will force the
>> user to change their password on the next bind attempt/login.
>>
>> So before you rack your brain over your pam/ldap configuration on the
>> client, try logging in to the admin web interface and change the user's
>> password as the Directory Manager. Then reauthenticate on the web
>> interface as that user and see if it tells you that you need to change
>> your password. If it doesn't prompt you to change your password, then
>> there is something wrong with your password policy configuration, not
>> pam_ldap.
>>
>> Brian
>>
>
> Thanks Brian -
>
> I didn't think to check the web interface - the password change IS forced
> after a reset when authenticating to the admin web interface.
>
> I rechecked the RHEL 3 and 4 boxen - the RHEL 3 box DOES enforce the
> password change correctly, but only on the terminal login, not sshd. RHEL
> 4 doesn't work for login or sshd.
>

I updated to the latest openssh and pam on both the RHEL3 and RHEL4 boxes -
sshd and login now both prompt for a password change on the RHEL3 boxes, but
RHEL4 is still broken. Baby steps . . .
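The check Brian describes (reset the password as Directory Manager, then bind as the user and see whether the server insists on a change) can be done from the command line with the OpenLDAP client tools instead of the admin web interface, which takes the web UI and pam_ldap both out of the picture. The script below is an added example written for this page, not code from either poster or from the directory server project; the server URI, the Directory Manager DN and the user DN are placeholders read from the environment, and the "temporary password" is whatever you pass in.

```shell
#!/bin/sh
# Added example (not from the thread): reproduce Brian's server-side check
# with ldapmodify/ldapwhoami rather than the admin web interface.
# Assumptions (placeholders, not from the original posts): the directory
# URI, Directory Manager DN and target user DN come from the environment.

LDAP_URI="${LDAP_URI:-ldap://ldap.example.com:389}"
DM_DN="${DM_DN:-cn=Directory Manager}"
USER_DN="${USER_DN:-uid=jdoe,ou=People,dc=example,dc=com}"

# Build the LDIF that replaces the user's password.  Applied as Directory
# Manager this is the reset that, per the docs Brian cites, is the only
# one that forces a change on the user's next bind.
#   $1 = user DN, $2 = new (temporary) password
reset_ldif() {
    printf 'dn: %s\nchangetype: modify\nreplace: userPassword\nuserPassword: %s\n' "$1" "$2"
}

# Step 1: apply the reset as Directory Manager.  -W prompts for the DM
# password so it never ends up on the command line or in shell history.
#   $1 = temporary password to set
reset_as_directory_manager() {
    reset_ldif "$USER_DN" "$1" | ldapmodify -x -H "$LDAP_URI" -D "$DM_DN" -W
}

# Step 2: bind as the user with the temporary password and run one
# operation after the bind.  A server that enforces "must change password
# after reset" refuses that operation (or the bind) instead of answering
# with the user's DN.  A clean whoami therefore means the policy did NOT
# fire, i.e. the problem is the server's password policy, not pam_ldap.
#   $1 = the temporary password set in step 1
bind_check() {
    if out=$(ldapwhoami -x -H "$LDAP_URI" -D "$USER_DN" -w "$1" 2>&1); then
        echo "NOT ENFORCED: bind and whoami succeeded as $USER_DN ($out)"
        return 1
    fi
    echo "ENFORCED (or bind refused): $out"
    return 0
}

# Run both steps; exit status 0 means the reset is being enforced.
#   usage: LDAP_URI=ldap://host USER_DN='uid=...' sh check.sh 'Temp-Pass-1'
run_check() {
    reset_as_directory_manager "$1" && bind_check "$1"
}
```

Only the function that builds the LDIF is testable offline; the two LDAP calls need a live server, and `bind_check` deliberately treats any refusal as "enforced", so read its output rather than trusting the exit status alone if the bind could have failed for another reason (wrong password, TLS, and so on).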