Hello, all. We're continuing to dive ever deeper into DS. Our thanks to the developers for such a powerful product. Our integration with the RedHat family has gone well but now we're working on Ubuntu. Most is working well but we are finding Ubuntu is not enforcing password policies. For example, we require a user to change their password after a reset. When a user logs into a RedHat system, they are prompted for the change. However, Ubuntu just lets them right in again and again with the same reset password. Any pointers on what to look for to fix this in our configuration before we scour the world for a solution? We've already done quite a bit of googling. We've tried enabling pam_lookup_policy but that didn't work. /etc/pam.d/common-password reads: password requisite pam_cracklib.so retry=3 minlen=8 difok=3 password [success=2 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512 password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass # here's the fallback if no module succeeds password requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around password required pam_permit.so We've also tried disabling that last pam_permit.so. That didn't help. Where should we look? Thanks - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsullivan at opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society
