Issue with fine-grained password policy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Howard Chu wrote:
>> Date: Wed, 25 Oct 2006 14:40:45 -0700
>> From: "George Holbert" <gholbert at broadcom.com>
>
>> Last time I looked at this, I vaguely recall finding that pam_ldap 
>> doesn't pay too much attention to FDS password metadata for 
>> expiration warnings or strength restrictions.  So what you're seeing 
>> may be the norm.
>> Hopefully someone else out there will have better news for you on this.
>
> Actually PADL's pam_ldap has had support for Netscape password policy 
> for many years - you just have to enable it and tell it the DN of the 
> policy object. Recently support has also been added for the IETF draft 
> LDAP password policy specification too, and it works well with the 
> OpenLDAP implementation of this spec. The OpenLDAP implementation has 
> also been tested successfully with CA eTrust, so there are at least a 
> couple implementations out there supporting the IETF spec.
Are you referring to the request and response controls defined in 
draft-behera-ldap-password-policy-09?  Fedora Directory Server also 
supports the above mentioned controls.

-NGK
>
>> Ian Meyer wrote:
>>> > Hello all,
>>> >
>>> > I set up FDS 1.0.2 on a server and got everything configured and
>>> > imported etc etc.. things
>>> > work great, I can authenticate against it, make updates.. but I can
>>> > not get our linux
>>> > clients to warn me about changing my password, expiration, length,
>>> > etc.. I followed the instructions on
>>> > 
>>> http://www.redhat.com/docs/manuals/dir-server/ag/7.1/password.html#1074672 
>>> >
>>> > to set up a global config, and a user config. Is there anything on 
>>> the
>>> > client side for PAM that needs to be configured? I've been pouring
>>> > over this for a couple of days now so I may just be blind to a small
>>> > detail I may have missed. Any help/insight would be appreciated.
>>> >
>>> > Thanks in advance,
>>> > Ian
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3241 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20061025/275a2256/attachment.bin
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux