Howard Chu wrote:
Are you referring to the request and response controls defined in draft-behera-ldap-password-policy-09? Fedora Directory Server also supports the above mentioned controls.Date: Wed, 25 Oct 2006 14:40:45 -0700 From: "George Holbert" <gholbert@xxxxxxxxxxxx>Last time I looked at this, I vaguely recall finding that pam_ldap doesn't pay too much attention to FDS password metadata for expiration warnings or strength restrictions. So what you're seeing may be the norm.Hopefully someone else out there will have better news for you on this.Actually PADL's pam_ldap has had support for Netscape password policy for many years - you just have to enable it and tell it the DN of the policy object. Recently support has also been added for the IETF draft LDAP password policy specification too, and it works well with the OpenLDAP implementation of this spec. The OpenLDAP implementation has also been tested successfully with CA eTrust, so there are at least a couple implementations out there supporting the IETF spec.
-NGK
Ian Meyer wrote:> Hello all, > > I set up FDS 1.0.2 on a server and got everything configured and > imported etc etc.. things > work great, I can authenticate against it, make updates.. but I can > not get our linux > clients to warn me about changing my password, expiration, length, > etc.. I followed the instructions on> http://www.redhat.com/docs/manuals/dir-server/ag/7.1/password.html#1074672 > > to set up a global config, and a user config. Is there anything on the> client side for PAM that needs to be configured? I've been pouring > over this for a couple of days now so I may just be blind to a small > detail I may have missed. Any help/insight would be appreciated. > > Thanks in advance, > Ian
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
