Jason Russler wrote:
PAM should honor the Fedora DS password policy, so I don't think you need the shadow stuff anymore.Hi all,I imported our Unix/Linux password and shadow files into FDS recently (using LdapImport.pl) and I'm trying to figure out the difference or conflicts between the shadowaccount object class attributes (shdowmax, shadowwarning etc.) and the passwordexpiriationtime and passwordexpiredwarned etc. attributes that I assume come from the Password policy settings features of the directory.I'm having trouble getting inconsistent results when expiring accounts to test whether or not the PAM ldap client (on RedHat Enterprise 4 systems) weighs one set of attributes more more over the other or even cares about them at all. Does anyone have experience with the PAM clients and the directory's password policy settings vs. the shadowaccount attributes? Should I quit using the password and password expiration features and just use the shadowaccount attributes or ditch the shadowaccount object class altogether?If PAM will honor the password expiration policy then I may just write a little something to set the policy attributes from the shadow attributes of the imported files and then remove shadowaccount OC altogether. Any thoughts?
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
