I looked at the rlm_unix module and it appears that it is only rejecting the authentication request if the shadow file has an Expiration date such as YYYY-MM-DD. Should or will be the maximum days the password is valid for compared against the last change date in the shadow file before the users account is locked, be part of the rlm_unix module reject once the password is older than the maximum age allowed?
Shadow File with aging from Red Hat 7.3: Username:password:12069:0:180:7:1:: The 12069 is date of last change. The 180 is maximum days the password is valid for. Thanks Andrew -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Wednesday, March 26, 2003 6:41 AM To: [EMAIL PROTECTED] Subject: Re: Auth-Type = System & Password Aging "Andrew Grimmett" <[EMAIL PROTECTED]> wrote: > The users that are setup on my Radius server 8.1 are being authenticated > against the system /etc/shadow file. The passwords have aging of 180 > days, after the 180 days if a user authenticates through the radius > server it still allows them to login, ignoring the expiration of the > password. How do you configure the radius Expiration to read the > password age limits from the shadow file? Look at the source code to the rlm_unix module. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
