> PAM should honor the Fedora DS password policy, so I don't think you
> need the shadow stuff anymore.

I agree with Rich. Also, in my testing I found that Solaris 8 native LDAP clients ignore the shadow attributes, which meant the shadow method is useless for my particular situation.

Richard Megginson wrote:
> Jason Russler wrote:
>> Hi all,
>> I imported our Unix/Linux password and shadow files into FDS recently
>> (using LdapImport.pl) and I'm trying to figure out the difference or
>> conflicts between the shadowaccount object class attributes
>> (shadowmax, shadowwarning etc.) and the passwordexpirationtime and
>> passwordexpiredwarned etc. attributes that I assume come from the
>> Password policy settings features of the directory.
>>
>> I'm having trouble getting inconsistent results when expiring
>> accounts to test whether or not the PAM ldap client (on RedHat
>> Enterprise 4 systems) weighs one set of attributes more over the
>> other or even cares about them at all. Does anyone have experience
>> with the PAM clients and the directory's password policy settings vs.
>> the shadowaccount attributes? Should I quit using the password and
>> password expiration features and just use the shadowaccount
>> attributes or ditch the shadowaccount object class altogether?
>>
>> If PAM will honor the password expiration policy then I may just
>> write a little something to set the policy attributes from the shadow
>> attributes of the imported files and then remove shadowaccount OC
>> altogether. Any thoughts?
> PAM should honor the Fedora DS password policy, so I don't think you
> need the shadow stuff anymore.
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
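
The conversion Jason describes (setting the directory's password-policy expiry from the imported shadow attributes), as an added example that is not part of the original thread: it reads shadowLastChange and shadowMax from an LDIF export and emits LDIF modify records for passwordExpirationTime. The sample entries, the 99999 "never expires" cutoff, and the premise that an administrator is allowed to write passwordExpirationTime on the server are assumptions.

```python
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
NO_EXPIRY_MAX = 99999  # assumption: conventional "never expires" shadowMax

# Constructed sample export; not data from the thread.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
shadowLastChange: 13000
shadowMax: 90

dn: uid=svc,ou=People,dc=example,dc=com
shadowLastChange: 13000
shadowMax: 99999
"""

def parse_ldif(text):
    """Minimal reader: blank-line separated entries of 'attr: value' lines."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(": ")
            if sep and not line.startswith("#"):
                entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def shadow_expiry(entry):
    """Expiry as a UTC datetime, or None when the shadow fields set no expiry."""
    try:
        last = int(entry["shadowlastchange"][0])  # days since 1970-01-01
        max_days = int(entry["shadowmax"][0])     # maximum password age in days
    except (KeyError, ValueError):
        return None
    if last <= 0 or max_days < 0 or max_days >= NO_EXPIRY_MAX:
        return None  # forced-change or non-expiring accounts: review by hand
    return EPOCH + timedelta(days=last + max_days)

def to_modify_ldif(entries):
    """Build LDIF modify records that set passwordExpirationTime."""
    records = []
    for entry in entries:
        if (expiry := shadow_expiry(entry)) is not None:
            records.append(f"dn: {entry['dn'][0]}\nchangetype: modify\n"
                           f"replace: passwordExpirationTime\n"
                           f"passwordExpirationTime: {expiry:%Y%m%d%H%M%SZ}\n")
    return "\n".join(records)
```

Accounts the function skips (missing fields, shadowLastChange of 0, or a non-expiring shadowMax) keep their shadow attributes untouched, so they can be reviewed before the shadowAccount object class is removed.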