Thank you Patrick for your answer. Is it there a possibility to have a copy of your pam configuration (system-auth*) and ldap.conf, with sensitive data masked? I tried everything so far an no progress. When your accounts gets locked, there should be some attributed added (passwordRetryCount/accountUnlockTime), I don't get these attributes added after failing the password several times. ¿Any other suggestion to debug the problem? Thanks -----Mensaje original----- De: 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] En nombre de Morris, Patrick Enviado el: Jueves, 11 de Marzo de 2010 02:36 p.m. Para: General discussion list for the 389 Directory server project. Asunto: Re: [389-users] Password policies and account policies with PAM Ivan Ferreira wrote: > > Hi everybody. > > > > I'm testing the password policies and account lockout policies on > Directory Server 1.2.2. > > > > For account lockout policies, it seems that it does not works with pam > authentication, for example for services like login or ssh. > > > > If I set the account lockout on 3 failures, I can login to the system > after any number of failures. No relevant messages on logs. > > > > The same for the password change after reset. It's not required to > change the password. > > > > ¿Does anybody successfully configured password and account policies > for OS authentication? > > > > In /etc/ldap.conf I have: > > > > pam_lookup_policy yes > > > > Thanks in advance. > That same setting works fine for me here. -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users AVISO LEGAL: Esta información es privada y confidencial y está dirigida únicamente a su destinatario. Si usted no es el destinatario original de este mensaje y por este medio pudo acceder a dicha información por favor elimine el mensaje. La distribución o copia de este mensaje está estrictamente prohibida. Esta comunicación es sólo para propósitos de información y no debe ser considerada como propuesta, aceptación ni como una declaración de voluntad oficial de NUCLEO S.A. La transmisión de e-mails no garantiza que el correo electrónico sea seguro o libre de error. Por consiguiente, no manifestamos que esta información sea completa o precisa. Toda información está sujeta a alterarse sin previo aviso. This information is private and confidential and intended for the recipient only. If you are not the intended recipient of this message you are hereby notified that any review, dissemination, distribution or copying of this message is strictly prohibited. This communication is for information purposes only and shall not be regarded neither as a proposal, acceptance nor as a statement of will or official statement from NUCLEO S.A. . Email transmission cannot be guaranteed to be secure or error-free. Therefore, we do not represent that this information is complete or accurate and it should not be relied upon as such. All information is subject to change without notice. -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
