30 Aug
2011
30 Aug
'11
12:53 p.m.
On Aug 30, 2011, at 1:46 PM, Nalin Dahyabhai wrote:
It looks as though you're missing a part of your PAM configuration. The directory server log is indicating that the user failed the account management portion of things ("Error from PAM during pam_acct_mgmt"), and your PAM configuration doesn't appear to have any "account" modules listed in it.
I'd suggest adding "account required pam_krb5.so" to the file, which would both provide some configuration (so that the default, which is to fail, isn't used) and let the module properly deny access when the user's password has expired.
That seems to be the problem. Looks like it's working now. Thank you so much!
Sam