I know this is outside the scope of the 389 list, but my Google-fu is failing me on this one.

If I change the password to the account on the LDAP server and verify "passwordmustchange: on," I can ssh in to the test host with the new password all day long, and never get asked to change it.

I'm hoping someone has seen a document recently that they could link to. I've seen the "PAM Configuration for LDAP Client Systems" page on the wiki. That deals more with setting password expiration, though.

Thanks!

David

--
David - Offbeat http://dafydd.livejournal.com
dafydd - Online http://pgp.mit.edu/
Battalion 4 - Black Rock City Emergency Services Department
Integrity*Commitment*Communication*Support
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users