> Date: Thu, 26 Oct 2006 12:06:08 -0500 > From: "Greg Copeland" <GCopeland at efjohnson.com> >> > Actually PADL's pam_ldap has had support for Netscape password policy >> > for many years - you just have to enable it and tell it the DN of the >> > policy object. Recently support has also been added for the IETF draft > > Can you expand on the "...tell it the DN..." part there? I misspoke. When you configure the pam_lookup_policy keyword pam_ldap will do an anonymous search in the rootDSE with a filter (objectclass=passwordPolicy) and use what it finds there. So the only requirement is that you give anonymous enough privileges to perform the search. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/
