On Tue, 2007-09-25 at 09:55 -0400, Victor Hugo dos Santos wrote: > Hello, > > Linux authentication based in FDS work fine, i log in the system for > ssh and all users is in the FDS directory. cool !!! > > but, i need use police security account for users (for example, in 60 > days this users need change the password or can't use the same > password 3 times consecutive). > > but the FDS dont work with shadow parameters, i run "getent passwd" > and look all users (local and in FDS) but I run "getent shadow" and > only show the local account, none account in the FDS. > > how is possible manage the security police from posixaccount and more > important, that for users continue being one transparent process. > > URL ?? manual ?? docs ?? others ?? > > thanks > > -- Your accounts need to have the "shadowAccount" objectclass and "shadowLastChange" needs to be writable by ldap://self or by the dn that changes their password on their behalf (if you use "rootbinddn" in your pam ldap.conf). -Steve
