[Fedora-directory-users] Issue with fine-grained password policy
Howard Chu
hyc at symas.com
Wed Oct 25 23:52:23 UTC 2006
> Date: Wed, 25 Oct 2006 14:40:45 -0700
> From: "George Holbert" <gholbert at broadcom.com>
> Last time I looked at this, I vaguely recall finding that pam_ldap
> doesn't pay too much attention to FDS password metadata for expiration
> warnings or strength restrictions. So what you're seeing may be the norm.
> Hopefully someone else out there will have better news for you on this.
Actually PADL's pam_ldap has had support for Netscape password policy
for many years - you just have to enable it and tell it the DN of the
policy object. Recently support has also been added for the IETF draft
LDAP password policy specification too, and it works well with the
OpenLDAP implementation of this spec. The OpenLDAP implementation has
also been tested successfully with CA eTrust, so there are at least a
couple implementations out there supporting the IETF spec.
> Ian Meyer wrote:
>> > Hello all,
>> >
>> > I set up FDS 1.0.2 on a server and got everything configured and
>> > imported etc etc.. things
>> > work great, I can authenticate against it, make updates.. but I can
>> > not get our linux
>> > clients to warn me about changing my password, expiration, length,
>> > etc.. I followed the instructions on
>> > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/password.html#1074672
>> >
>> > to set up a global config, and a user config. Is there anything on the
>> > client side for PAM that needs to be configured? I've been pouring
>> > over this for a couple of days now so I may just be blind to a small
>> > detail I may have missed. Any help/insight would be appreciated.
>> >
>> > Thanks in advance,
>> > Ian
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
More information about the 389-users
mailing list