> Date: Wed, 25 Oct 2006 14:40:45 -0700 > From: "George Holbert" <gholbert at broadcom.com> > Last time I looked at this, I vaguely recall finding that pam_ldap > doesn't pay too much attention to FDS password metadata for expiration > warnings or strength restrictions. So what you're seeing may be the norm. > Hopefully someone else out there will have better news for you on this. Actually PADL's pam_ldap has had support for Netscape password policy for many years - you just have to enable it and tell it the DN of the policy object. Recently support has also been added for the IETF draft LDAP password policy specification too, and it works well with the OpenLDAP implementation of this spec. The OpenLDAP implementation has also been tested successfully with CA eTrust, so there are at least a couple implementations out there supporting the IETF spec. > Ian Meyer wrote: >> > Hello all, >> > >> > I set up FDS 1.0.2 on a server and got everything configured and >> > imported etc etc.. things >> > work great, I can authenticate against it, make updates.. but I can >> > not get our linux >> > clients to warn me about changing my password, expiration, length, >> > etc.. I followed the instructions on >> > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/password.html#1074672 >> > >> > to set up a global config, and a user config. Is there anything on the >> > client side for PAM that needs to be configured? I've been pouring >> > over this for a couple of days now so I may just be blind to a small >> > detail I may have missed. Any help/insight would be appreciated. >> > >> > Thanks in advance, >> > Ian -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/