[389-users] SSH key based login bypasses password policies
David Nguyen
d_k_nguyen at yahoo.com
Fri Feb 3 23:35:56 UTC 2012
Hi all,
I noticed that logins via ssh key bypass the LDAP password policies
(password ageing, password warning, and password lockout due to failed
attempts, etc). Is there any way to force key based ssh logins to
respect the password
policies?
I noticed that if I use the shadow attributes in LDAP for a user
(shadowWarning, shadowMax, shadowLastChange) instead of relying on the
password policy that, it works as expected - user is warned when
password is expiring and users with an expired password are forced
into a password change. Unfortunately I don't see any way to enforce
password lockout due to failed attempts in the shadow attributes.
Any ideas on how to force ssh key based logins to respect the password policy?
Thanks in advance,
David
More information about the 389-users
mailing list