Brian Peters said:
> Jeff,
>
> I have been able to get this to work with pam_ldap. In fact, it works
> regardless of the pam_lookup_policy setting. One thing that may be
> throwing you is how you are resetting the password. According to the
> docs, only a password reset by the Directory Manager will force the
> user to change their password on the next bind attempt/login.
>
> So before you wrack your brain over your pam/ldap configuration on the
> client, try logging in to the admin web interface and change the user's
> password as the Directory Manager. Then reauthenticate on the web
> interface as that user and see if it tells you that you need to change
> your password. If it doesn't prompt you to change your password, then
> there is something wrong with your password policy configuration, not
> pam_ldap.
>
> Brian

Thanks Brian - I didn't think to check the web interface - the password change IS forced after a reset when authenticating to the admin web interface. I rechecked the RHEL 3 and 4 boxen - the RHEL 3 box DOES enforce the password change correctly, but only on the terminal login, not sshd. RHEL 4 doesn't work for login or sshd.

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users