Fwd: [Fedora-directory-users] Password Warnings

Ryan Braun [ADS] ryan.braun at ec.gc.ca
Fri Mar 14 12:58:50 UTC 2008 

On Friday 14 March 2008 05:55, Legatus wrote:

I've attached a script we were using on our old operational openldap servers.  
I haven't updated it much since we started running fds,  but it should give 
you some ideas on how to find out if user's passwords are expiring.

Basically,  we just run it from cron nightly and it will email each user whose 
password expiry is withing their shadowWarning threshold,  then email the 
admin all the users that are within their threshold.

Ryan


> Okay, I have been trying a lot of different things, and I don't see what I
> need to see. Let me try a slightly different question. Can someone post a
> working solution that includes password expiration and warnings in their
> application? Can they post OS and version, Fedora DS version, and the
> method that they use for detecting expired, and nearly expired passwords?
> Any configuration settings required?
>
> Thanks for the help so far,
>
> On Fri, Mar 7, 2008 at 4:30 PM, Rich Megginson <rmeggins at redhat.com> wrote:
> > Legatus wrote:
> > > On Fri, Mar 7, 2008 at 1:18 PM, Rich Megginson <rmeggins at redhat.com
> > > <mailto:rmeggins at redhat.com>> wrote:
> > >
> > >     Legatus wrote:
> > >     > I did that. I know I have done that in the past.  I see on one
> > >
> > >     account
> > >
> > >     > the passwordExpWarned, I don't see passwordExpirationTime. We
> > >
> > >     need to
> > >
> > >     > be able to give users warnings that the password will expire in N
> > >     > days.  Am I looking in the wrong place, or is there a setting I
> > >     > haven't set? I set up a policy that is supposed to expire
> >
> > passwords,
> >
> > >     > and warn users.
> > >
> > >     One thing is that a user who has not had his/her password changed
> > >     since
> > >     password expiration was enabled will not have the
> > >     passwordExpirationTime
> > >     attribute in his/her entry, but you could add it manually.
> > >
> > >     Another thing - I'm not sure how it is possible that a user could
> >
> > have
> >
> > >     the passwordExpWarned but not the passwordExpirationTime attribute.
> > >     Just looking at the code, everywhere it sets passwordExpWarned it
> >
> > also
> >
> > >     sets passwordExpirationTime.
> > >
> > >
> > > That is why I am confused. I thought that was how it was supposed to
> > > work.
> >
> > If you update the password, do both attributes appear?
> >
> > > -----------------------------------------------------------------------
> > >-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mail_check.pl
Type: application/x-perl
Size: 6518 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20080314/9806cf8a/attachment.pl>

More information about the 389-users mailing list