Please forgive me if I'm asking silly newbie questions, however I'm
trying to understand exactly what I'm seeing thru fds; first the policy
I've configured on the directory using the fds console:
I've enabled fine-grain password policy for the data unit, including
password history enforcement, password expiration after 90 days,
password warning 14 days before password expires, check password syntax,
account lockout policy enabled after 3 login failures for 120 minutes
and reset failure count after 15 minutes.
Everything seems to be working except for send password warning; in the
client's ldap.conf file, I've enabled pam_lookup_policy yes.
Looking at account information attributes for a user, passwordexpwarnd
value is 0; I've reset users password to try to initialize the password
policy, however this value never seems to change. According to this
81 I believe that this attribute is stored in seconds. Is this true?
If so, what can I do to ensure this attribute is getting updated
(assuming that this is the attribute responsible for triggering password
I've looked at this wiki
and near the very
bottom it mentions adding the following
passwordMaxAge: 8640000 (this I believe would give a password max age
of 100 days)
Do I need to add these attributes even though I've configured the
password policy using fds console has done this for me. Is this the
case, I see don't these attributes in the gui, however I do see
passwordexpirationtime as an attribute and is set to 90 days from now
(I'm want to ensure that accounts are indeed locked after passwords have
Also, Jim Summers posted to this group that he saw an issue with
shadowpasswd / shadowexpire fields not being updated
Can anyone tell me what these fields are used for, as I don't see any
mention of them in this documentation
Thanks again very much.
"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D. Power and
The information contained in this electronic message is intended for the exclusive use of
the individual or entity named above and may contain privileged or confidential
information. If the reader of this message is not the intended recipient or the employee
or agent responsible to deliver it to the intended recipient, you are hereby notified that
dissemination, distribution or copying of this information is prohibited. If you have
received this communication in error, please notify the sender immediately by telephone
and destroy the copies you received.