Hello PAM experts,
I am having a issue where PAM is not following my LDAP password policy.
Ideally, I'd like to have new users or password reset by administrators to be prompted to change the password upon logging in (using temporary password). However, I do not want expired accounts to be asked to change the password. How can I accomplish this?
In /etc/ldap.conf I have already uncommented
pam_lookup_policy yes
pam_password clear
but regardless of new or expired accounts, the login will prompt to change the password.
HELP!
thanks!
--Tony
PS. I have a Sun Directory Server 6.3.1 as my LDAP server, and running RedHat 5.x on many of my clients. (Solaris workstations are having the expected behavior)
_______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list