Jason Russler wrote:
Hi all,
I imported our Unix/Linux password and shadow files into FDS recently
(using LdapImport.pl) and I'm trying to figure out the difference or
conflicts between the shadowaccount object class attributes (shdowmax,
shadowwarning etc.) and the passwordexpiriationtime and
passwordexpiredwarned etc. attributes that I assume come from the
Password policy settings features of the directory.
I'm having trouble getting inconsistent results when expiring accounts
to test whether or not the PAM ldap client (on RedHat Enterprise 4
systems) weighs one set of attributes more more over the other or even
cares about them at all. Does anyone have experience with the PAM
clients and the directory's password policy settings vs. the
shadowaccount attributes? Should I quit using the password and
password expiration features and just use the shadowaccount attributes
or ditch the shadowaccount object class altogether?
If PAM will honor the password expiration policy then I may just write
a little something to set the policy attributes from the shadow
attributes of the imported files and then remove shadowaccount OC
altogether. Any thoughts?
PAM should honor the Fedora DS password policy, so I
don't think you
need the shadow stuff anymore.
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users