>
> After "userPassword", insert "|| shadowLastChange " and click on
OK and
> again on OK on the parent window.
The problem we had with using the shadow attributes is that not all
platforms honor them (I don't recall seeing Solaris update
shadowLastChange).
Well that's unsettling. I'd have thought the nss_ldap would provide
adherence to RFC2307, where I believe shadowAccount to be outlined,
across platforms. And I'd have thought Solaris to support it foremost.
My implementations have been all Linux, but I know what I am going to
test next.
You'd also need to remember to update the
shadowLastChange attribute manually if you reset a user's password by
some mechanism outside of PAM (from the Administrator's Console, for
example).
Yes, I set this to today's date in my management scripts for command
line account maintenance.
FWIW, these scripts, and their templates, are here if anyone finds any use
for them.
http://www.panix.com/~kylet/ldap
--
- Kyle
---------------------------------------------
kylet(a)panix.com
http://www.panix.com/~kylet
---------------------------------------------