[Fedora-directory-users] SSH login and pwd expiration message
Kyle Tucker
kylet at panix.com
Tue Dec 5 17:28:36 UTC 2006
> I've configured a RHEL3 as LDAP client to my FedoraDS 1.0.2 on RHEL4.
> When I login via ssh with an LDAP account on the ldapclient I immediately get
> You are required to change your password immediately (password aged)
> Your password has expired, the session cannot proceed.
> You must change your password now and login again!
>
> After that I change the password and login again and I get the same error again.
> Any idea what's causing this? Is it an ACL that's preventing some
> attributes to be updates? Which attributes? If I just for testing
> delete these attributes I should get rid of this message, shouldn't I?
Assuming you're using shadowAccount attributes for your password expiry, you
are seeing just what I saw until "write for self" access was given to users
to up the shadowLastChange attribute. Here's how I fixed it in admin console.
In Directory tab, select root domain
Right click and select "Set Access Permissions"
Select "Enable self-write for common attributes" and click on Edit
After "userPassword", insert "|| shadowLastChange " and click on OK and
again on OK on the parent window.
--
- Kyle
---------------------------------------------
kylet at panix.com http://www.panix.com/~kylet
---------------------------------------------
More information about the 389-users
mailing list