On Aug 30, 2011, at 1:46 PM, Nalin Dahyabhai wrote:
It looks as though you're missing a part of your PAM
configuration. The
directory server log is indicating that the user failed the account
management portion of things ("Error from PAM during pam_acct_mgmt"),
and your PAM configuration doesn't appear to have any "account" modules
listed in it.
I'd suggest adding "account required pam_krb5.so" to the file, which
would both provide some configuration (so that the default, which is to
fail, isn't used) and let the module properly deny access when the
user's password has expired.
That seems to be the problem. Looks like it's working now. Thank you so much!
Sam