Hi Stephan, Brian May schrieb: > If I use the "Invalid Password" option in the "Unix" section of a user, > I get a password of *. This is not invalid. pam_ldap accepts the > password fine and allows the user to log in. Perhaps that means the > fault is with pam_ldap, not sure.
can you tell me why pam-ldap accepts a "*" as password? Should LDAP accounts not be formated just like accounts in /etc/(passwd|shadow)? How do I disable an account, setting no userPassword attribute at all? When I set a user password which starts with "*" then "getent shadow" shows me an "x" in the password field. Greetings Roland -- LDAP Account Manager http://lam.sourceforge.net
signature.asc
Description: OpenPGP digital signature