passwordExpirationTime: 19700101000000Z
It should force the user to change their password on their next login. Keep in mind you will not get a prompt if use use a passwordless ssh login via rsa key exchange.
Hope that helps.
Thanks,
Aaron
On Tue, Jun 14, 2011 at 5:03 PM, David Barr <dafydd@xxxxxxxxxx> wrote:
I know this is outside the scope of the 389 list, but my Google-fu is
failing me on this one.
If I change the password to the account on the LDAP server and verify
"passwordmustchange: on," I can ssh in to the test host with the new
password all day long, and never get asked to change it.
I'm hoping someone has seen a document recently that they could link to.
I've seen the "PAM Configuration for LDAP Client Systems" page on the
wiki. That deals more with setting password expiration, though.
Thanks!
David
--
David - Offbeat http://dafydd.livejournal.com
dafydd - Online http://pgp.mit.edu/
Battalion 4 - Black Rock City Emergency Services Department
Integrity*Commitment*Communication*Support
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
