> > > > After "userPassword", insert "|| shadowLastChange " and click on OK and > > again on OK on the parent window. > > The problem we had with using the shadow attributes is that not all > platforms honor them (I don't recall seeing Solaris update > shadowLastChange). Well that's unsettling. I'd have thought the nss_ldap would provide adherence to RFC2307, where I believe shadowAccount to be outlined, across platforms. And I'd have thought Solaris to support it foremost. My implementations have been all Linux, but I know what I am going to test next. > You'd also need to remember to update the > shadowLastChange attribute manually if you reset a user's password by > some mechanism outside of PAM (from the Administrator's Console, for > example). Yes, I set this to today's date in my management scripts for command line account maintenance. FWIW, these scripts, and their templates, are here if anyone finds any use for them. http://www.panix.com/~kylet/ldap -- - Kyle --------------------------------------------- kylet at panix.com http://www.panix.com/~kylet ---------------------------------------------
