Jason Russler wrote: > Hi all, > I imported our Unix/Linux password and shadow files into FDS recently > (using LdapImport.pl) and I'm trying to figure out the difference or > conflicts between the shadowaccount object class attributes (shdowmax, > shadowwarning etc.) and the passwordexpiriationtime and > passwordexpiredwarned etc. attributes that I assume come from the > Password policy settings features of the directory. > > I'm having trouble getting inconsistent results when expiring accounts > to test whether or not the PAM ldap client (on RedHat Enterprise 4 > systems) weighs one set of attributes more more over the other or even > cares about them at all. Does anyone have experience with the PAM > clients and the directory's password policy settings vs. the > shadowaccount attributes? Should I quit using the password and > password expiration features and just use the shadowaccount attributes > or ditch the shadowaccount object class altogether? > > If PAM will honor the password expiration policy then I may just write > a little something to set the policy attributes from the shadow > attributes of the imported files and then remove shadowaccount OC > altogether. Any thoughts? PAM should honor the Fedora DS password policy, so I don't think you need the shadow stuff anymore. > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060519/5021748e/attachment.bin
