In our environment, we have users that authenticate to our LDAP server in a few ways:
1) they log into the server directly using SSH via PuTTY;
2) they log in to our server using FileZilla or WS_FTP using SFTP;
3) they authenticate their account via the LDAP on a Windows server using pGina
In method 1, they are prompted to change their password if it is expired, or are given the warning that the password will expire in X days. How do I have the user get a similar warning/message when connecting via methods 2 and 3? We have a lot of users who get themselves flustered because they think they have the right password, but because they're never warned or given a message, they think it's wrong, put in a few more passwords, and eventually lock their account out.
Any ideas? Harry
Harry Devine Common ARTS Software Development AJM-245 (609)485-4218 Harry.Devine@faa.gov
It's up to the client to support warnings about password expiration (that's true in general, not just where LDAP is involved). I have no idea how, or even if, WS_FTP, FileZilla or pGina support that, but I suspect they don't.
In my environment I've written scripts that will send emails when a password is close to expiration, since the clients many of our users connect with will never do it.
From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users-bounces@lists.fedoraproject.org] On Behalf Of harry.devine@faa.gov Sent: Thursday, August 09, 2012 1:02 PM To: 389-users@lists.fedoraproject.org Subject: [389-users] Question about expired/expiring passwords
Yeah, I figured as much, but thought I'd ask. I have a script that runs nightly to notify users of impending expirations, and it works well. Unfortunately, they usually get ignored, which is why I thought if the "your password is due to expire in X days" hits them wherever and however they connect, that would help.
No big deal. Thanks for the help! Harry
From: "Morris, Patrick" patrick.morris@hp.com
To: "389-users@lists.fedoraproject.org" 389-users@lists.fedoraproject.org Date: 08/09/2012 04:41 PM Subject: Re: [389-users] Question about expired/expiring passwords Sent by: 389-users-bounces@lists.fedoraproject.org
I'm not familiar with #3, but for #2 you could add a check of the password age to the login process. To implement it universally, put it in the etc login process.
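The nightly expiry check that the replies describe, as an added example (not a script from anyone in this thread): it reads LDIF of the shape `ldapsearch` returns and lists accounts whose `passwordExpirationTime` operational attribute is already past or falls inside a warning window. The sample entries, the 14-day window and the function names are assumptions; the attribute is assumed to hold a UTC GeneralizedTime value, and sending the mail is left to the caller.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like `ldapsearch -LLL ... uid mail passwordExpirationTime`.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
uid: alice
mail: alice@example.com
passwordExpirationTime: 20120815120000Z

dn: uid=carol,ou=People,dc=example,dc=com
uid: carol
mail: carol@example.com
passwordExpirationTime: 20120801120000Z

dn: uid=svc-backup,ou=People,dc=example,dc=com
uid: svc-backup
"""

def parse_entries(ldif):
    """Split LDIF into dicts of single-valued attributes (no line folding or base64)."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                entry[key] = value
        entries.append(entry)
    return entries

def expiry_report(ldif, now, warn_days=14):
    """Return (uid, mail, status, days) for expired or soon-to-expire accounts."""
    report = []
    for e in parse_entries(ldif):
        stamp = e.get("passwordExpirationTime")
        if not stamp or not e.get("mail"):
            continue  # no expiry recorded, or nowhere to send the notice
        expires = datetime.strptime(stamp, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
        days = int((expires - now).total_seconds() / 86400)  # whole days, negative if past
        if expires <= now:
            report.append((e["uid"], e["mail"], "expired", days))
        elif expires - now <= timedelta(days=warn_days):
            report.append((e["uid"], e["mail"], "expiring", days))
    return report

if __name__ == "__main__":
    now = datetime(2012, 8, 9, 17, 0, tzinfo=timezone.utc)  # constructed "today"
    for uid, mail, status, days in expiry_report(SAMPLE_LDIF, now):
        print(f"{uid} <{mail}>: {status} ({days} days)")
```

Reporting already-expired accounts separately from expiring ones lets the notice tell a user that further password guesses will not help, which is the lockout pattern the original question describes.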